pgmigg,
I have to split this into 2 replies to send it.
My TDSSKiller log is :
13:48:31.0968 0564 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:48:32.0328 0564 ============================================================
13:48:32.0328 0564 Current date / time: 2012/05/18 13:48:32.0328
13:48:32.0328 0564 SystemInfo:
13:48:32.0328 0564
13:48:32.0328 0564 OS Version: 5.1.2600 ServicePack: 3.0
13:48:32.0328 0564 Product type: Workstation
13:48:32.0343 0564 ComputerName: ABBOTT
13:48:32.0343 0564 UserName: Matthew Abbott
13:48:32.0343 0564 Windows directory: C:\WINDOWS
13:48:32.0343 0564 System windows directory: C:\WINDOWS
13:48:32.0343 0564 Processor architecture: Intel x86
13:48:32.0343 0564 Number of processors: 2
13:48:32.0343 0564 Page size: 0x1000
13:48:32.0343 0564 Boot type: Normal boot
13:48:32.0343 0564 ============================================================
13:48:33.0250 0564 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:33.0250 0564 ============================================================
13:48:33.0250 0564 \Device\Harddisk0\DR0:
13:48:33.0250 0564 MBR partitions:
13:48:33.0250 0564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
13:48:33.0250 0564 ============================================================
13:48:33.0296 0564 C: <-> \Device\Harddisk0\DR0\Partition0
13:48:33.0296 0564 ============================================================
13:48:33.0296 0564 Initialize success
13:48:33.0296 0564 ============================================================
13:48:35.0890 0540 ============================================================
13:48:35.0890 0540 Scan started
13:48:35.0890 0540 Mode: Manual;
13:48:35.0890 0540 ============================================================
13:48:36.0312 0540 Abiosdsk - ok
13:48:36.0328 0540 abp480n5 - ok
13:48:36.0406 0540 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:48:36.0421 0540 ACPI - ok
13:48:36.0468 0540 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:48:36.0515 0540 ACPIEC - ok
13:48:36.0531 0540 adpu160m - ok
13:48:36.0609 0540 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:48:36.0625 0540 aec - ok
13:48:36.0703 0540 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:48:36.0718 0540 AFD - ok
13:48:36.0718 0540 Aha154x - ok
13:48:36.0734 0540 aic78u2 - ok
13:48:36.0765 0540 aic78xx - ok
13:48:36.0812 0540 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:48:36.0812 0540 Alerter - ok
13:48:36.0875 0540 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:48:36.0890 0540 ALG - ok
13:48:36.0906 0540 AliIde - ok
13:48:37.0125 0540 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:48:37.0218 0540 Ambfilt - ok
13:48:37.0328 0540 amsint - ok
13:48:37.0500 0540 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:48:37.0500 0540 Apple Mobile Device - ok
13:48:37.0531 0540 AppMgmt - ok
13:48:37.0734 0540 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
13:48:37.0875 0540 AR5416 - ok
13:48:38.0000 0540 asc - ok
13:48:38.0015 0540 asc3350p - ok
13:48:38.0031 0540 asc3550 - ok
13:48:38.0171 0540 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:48:38.0250 0540 aspnet_state - ok
13:48:38.0312 0540 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
13:48:38.0328 0540 AsUpIO - ok
13:48:38.0390 0540 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
13:48:38.0390 0540 AsusACPI - ok
13:48:38.0453 0540 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:48:38.0468 0540 AsyncMac - ok
13:48:38.0531 0540 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
13:48:38.0562 0540 atapi - ok
13:48:38.0578 0540 Atdisk - ok
13:48:38.0625 0540 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:48:38.0656 0540 Atmarpc - ok
13:48:38.0718 0540 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:48:38.0718 0540 AudioSrv - ok
13:48:38.0765 0540 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:48:38.0765 0540 audstub - ok
13:48:38.0859 0540 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:48:38.0859 0540 Beep - ok
13:48:39.0109 0540 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys
13:48:39.0125 0540 BHDrvx86 - ok
13:48:39.0234 0540 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:48:39.0281 0540 BITS - ok
13:48:39.0390 0540 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
13:48:39.0406 0540 Bonjour Service - ok
13:48:39.0484 0540 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:48:39.0484 0540 Browser - ok
13:48:39.0515 0540 btaudio - ok
13:48:39.0531 0540 BTDriver - ok
13:48:39.0562 0540 BTWDNDIS - ok
13:48:39.0578 0540 btwhid - ok
13:48:39.0609 0540 BTWUSB - ok
13:48:39.0625 0540 catchme - ok
13:48:39.0671 0540 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:48:39.0703 0540 cbidf2k - ok
13:48:39.0734 0540 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:48:39.0750 0540 CCDECODE - ok
13:48:39.0890 0540 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0906 0540 ccEvtMgr - ok
13:48:39.0921 0540 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0937 0540 ccSetMgr - ok
13:48:39.0953 0540 cd20xrnt - ok
13:48:40.0031 0540 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:48:40.0031 0540 Cdaudio - ok
13:48:40.0078 0540 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:48:40.0125 0540 Cdfs - ok
13:48:40.0218 0540 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:48:40.0234 0540 Cdrom - ok
13:48:40.0250 0540 Changer - ok
13:48:40.0281 0540 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:48:40.0296 0540 CiSvc - ok
13:48:40.0328 0540 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:48:40.0328 0540 ClipSrv - ok
13:48:40.0453 0540 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:40.0562 0540 clr_optimization_v2.0.50727_32 - ok
13:48:40.0640 0540 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:48:40.0640 0540 CmBatt - ok
13:48:40.0656 0540 CmdIde - ok
13:48:40.0734 0540 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
13:48:40.0750 0540 COH_Mon - ok
13:48:40.0781 0540 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:48:40.0781 0540 Compbatt - ok
13:48:40.0796 0540 COMSysApp - ok
13:48:40.0843 0540 Cpqarray - ok
13:48:40.0921 0540 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:48:40.0921 0540 CryptSvc - ok
13:48:40.0937 0540 dac2w2k - ok
13:48:40.0968 0540 dac960nt - ok
13:48:41.0078 0540 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:48:41.0093 0540 DcomLaunch - ok
13:48:41.0171 0540 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:48:41.0171 0540 Dhcp - ok
13:48:41.0218 0540 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:48:41.0218 0540 Disk - ok
13:48:41.0234 0540 dmadmin - ok
13:48:41.0359 0540 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:48:41.0437 0540 dmboot - ok
13:48:41.0500 0540 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:48:41.0500 0540 dmio - ok
13:48:41.0546 0540 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:48:41.0578 0540 dmload - ok
13:48:41.0640 0540 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:48:41.0640 0540 dmserver - ok
13:48:41.0687 0540 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:48:41.0703 0540 DMusic - ok
13:48:41.0750 0540 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:48:41.0750 0540 Dnscache - ok
13:48:41.0812 0540 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:48:41.0828 0540 Dot3svc - ok
13:48:41.0843 0540 dpti2o - ok
13:48:41.0890 0540 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:48:41.0890 0540 drmkaud - ok
13:48:41.0953 0540 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
13:48:41.0953 0540 dsNcAdpt - ok
13:48:42.0140 0540 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
13:48:42.0156 0540 dsNcService - ok
13:48:42.0187 0540 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:48:42.0187 0540 EapHost - ok
13:48:42.0343 0540 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:48:42.0343 0540 eeCtrl - ok
13:48:42.0390 0540 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
13:48:42.0390 0540 EraserUtilDrv11122 - ok
13:48:42.0437 0540 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:48:42.0484 0540 EraserUtilRebootDrv - ok
13:48:42.0531 0540 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:48:42.0531 0540 ERSvc - ok
13:48:42.0593 0540 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:42.0609 0540 Eventlog - ok
13:48:42.0687 0540 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:48:42.0750 0540 EventSystem - ok
13:48:42.0828 0540 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:48:42.0875 0540 Fastfat - ok
13:48:42.0937 0540 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:42.0953 0540 FastUserSwitchingCompatibility - ok
13:48:43.0000 0540 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:48:43.0015 0540 Fdc - ok
13:48:43.0031 0540 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:48:43.0046 0540 Fips - ok
13:48:43.0078 0540 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:48:43.0078 0540 Flpydisk - ok
13:48:43.0156 0540 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:48:43.0156 0540 FltMgr - ok
13:48:43.0281 0540 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:48:43.0328 0540 FontCache3.0.0.0 - ok
13:48:43.0375 0540 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
13:48:43.0390 0540 fssfltr - ok
13:48:43.0578 0540 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:48:43.0750 0540 fsssvc - ok
13:48:43.0796 0540 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:48:43.0796 0540 Fs_Rec - ok
13:48:43.0875 0540 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:48:43.0906 0540 Ftdisk - ok
13:48:43.0953 0540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:48:43.0953 0540 GEARAspiWDM - ok
13:48:44.0000 0540 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:48:44.0015 0540 Gpc - ok
13:48:44.0125 0540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0140 0540 gupdate - ok
13:48:44.0156 0540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0171 0540 gupdatem - ok
13:48:44.0234 0540 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:48:44.0250 0540 HDAudBus - ok
13:48:44.0359 0540 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:48:44.0359 0540 helpsvc - ok
13:48:44.0406 0540 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:48:44.0406 0540 HidServ - ok
13:48:44.0437 0540 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:48:44.0468 0540 HidUsb - ok
13:48:44.0531 0540 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:48:44.0531 0540 hkmsvc - ok
13:48:44.0546 0540 hpn - ok
13:48:44.0656 0540 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:48:44.0703 0540 HTTP - ok
13:48:44.0750 0540 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:48:44.0765 0540 HTTPFilter - ok
13:48:44.0781 0540 i2omgmt - ok
13:48:44.0796 0540 i2omp - ok
13:48:44.0859 0540 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:48:44.0875 0540 i8042prt - ok
13:48:45.0500 0540 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:48:45.0765 0540 ialm - ok
13:48:45.0984 0540 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
13:48:46.0000 0540 iaStor - ok
13:48:46.0156 0540 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:48:46.0296 0540 idsvc - ok
13:48:46.0562 0540 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120516.001\IDSxpx86.sys
13:48:46.0562 0540 IDSxpx86 - ok
13:48:46.0718 0540 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:48:46.0734 0540 Imapi - ok
13:48:46.0781 0540 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:48:46.0828 0540 ImapiService - ok
13:48:46.0859 0540 ini910u - ok
13:48:47.0390 0540 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:48:47.0484 0540 IntcAzAudAddService - ok
13:48:47.0609 0540 IntelIde - ok
13:48:47.0656 0540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:48:47.0671 0540 intelppm - ok
13:48:47.0703 0540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:48:47.0718 0540 Ip6Fw - ok
13:48:47.0734 0540 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:48:47.0765 0540 IpFilterDriver - ok
13:48:47.0796 0540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:48:47.0828 0540 IpInIp - ok
13:48:47.0859 0540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:48:47.0859 0540 IpNat - ok
13:48:48.0062 0540 iPod Service (82b9bf8f3cb7f443fbb7fecd5350665b) C:\Program Files\iPod\bin\iPodService.exe
13:48:48.0093 0540 iPod Service - ok
13:48:48.0187 0540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:48:48.0187 0540 IPSec - ok
13:48:48.0250 0540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:48:48.0281 0540 IRENUM - ok
13:48:48.0359 0540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:48:48.0359 0540 isapnp - ok
13:48:48.0484 0540 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
13:48:48.0500 0540 JavaQuickStarterService - ok
13:48:48.0562 0540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:48:48.0593 0540 Kbdclass - ok
13:48:48.0656 0540 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
13:48:48.0656 0540 kbfiltr - ok
13:48:48.0734 0540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:48:48.0750 0540 kmixer - ok
13:48:48.0828 0540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:48:48.0843 0540 KSecDD - ok
13:48:48.0921 0540 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
13:48:48.0921 0540 L1c - ok
13:48:48.0984 0540 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:48:49.0000 0540 LanmanServer - ok
13:48:49.0078 0540 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:48:49.0109 0540 lanmanworkstation - ok
13:48:49.0125 0540 lbrtfdc - ok
13:48:49.0203 0540 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:48:49.0203 0540 LmHosts - ok
13:48:49.0250 0540 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:48:49.0265 0540 Messenger - ok
13:48:49.0375 0540 Microsoft SharePoint Workspace Audit Service - ok
13:48:49.0437 0540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:48:49.0437 0540 mnmdd - ok
13:48:49.0500 0540 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:48:49.0500 0540 mnmsrvc - ok
13:48:49.0546 0540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:48:49.0546 0540 Modem - ok
13:48:49.0750 0540 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
13:48:49.0828 0540 Monfilt - ok
13:48:49.0890 0540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:48:49.0906 0540 Mouclass - ok
13:48:49.0953 0540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:48:49.0984 0540 mouhid - ok
13:48:50.0046 0540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:48:50.0062 0540 MountMgr - ok
13:48:50.0062 0540 mraid35x - ok
13:48:50.0140 0540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:48:50.0140 0540 MRxDAV - ok
13:48:50.0234 0540 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:48:50.0281 0540 MRxSmb - ok
13:48:50.0328 0540 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:48:50.0328 0540 MSDTC - ok
13:48:50.0359 0540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:48:50.0375 0540 Msfs - ok
13:48:50.0390 0540 MSIServer - ok
13:48:50.0437 0540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:48:50.0437 0540 MSKSSRV - ok
13:48:50.0468 0540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:48:50.0468 0540 MSPCLOCK - ok
13:48:50.0500 0540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:48:50.0500 0540 MSPQM - ok
13:48:50.0562 0540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:48:50.0562 0540 mssmbios - ok
13:48:50.0625 0540 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:48:50.0625 0540 MSTEE - ok
13:48:50.0687 0540 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:48:50.0687 0540 Mup - ok
13:48:50.0734 0540 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:48:50.0750 0540 NABTSFEC - ok
13:48:50.0796 0540 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:48:50.0828 0540 napagent - ok
13:48:51.0062 0540 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVENG.SYS
13:48:51.0062 0540 NAVENG - ok
13:48:51.0250 0540 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVEX15.SYS
13:48:51.0312 0540 NAVEX15 - ok
13:48:51.0515 0540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:48:51.0531 0540 NDIS - ok
13:48:51.0578 0540 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:48:51.0593 0540 NdisIP - ok
13:48:51.0640 0540 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:48:51.0656 0540 NdisTapi - ok
13:48:51.0703 0540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:48:51.0718 0540 Ndisuio - ok
13:48:51.0765 0540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:48:51.0781 0540 NdisWan - ok
13:48:51.0843 0540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:48:51.0843 0540 NDProxy - ok
13:48:51.0921 0540 NEOFLTR_650_14951 (0fc1898e1ebd9b22272243d4ea4168d1) C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS
13:48:51.0921 0540 NEOFLTR_650_14951 - ok
13:48:51.0984 0540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:48:51.0984 0540 NetBIOS - ok
13:48:52.0031 0540 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:48:52.0046 0540 NetBT - ok
13:48:52.0078 0540 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0093 0540 NetDDE - ok
13:48:52.0109 0540 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0125 0540 NetDDEdsdm - ok
13:48:52.0187 0540 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0203 0540 Netlogon - ok
13:48:52.0265 0540 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:48:52.0296 0540 Netman - ok
13:48:52.0406 0540 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:48:52.0500 0540 NetTcpPortSharing - ok
13:48:52.0578 0540 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:48:52.0593 0540 Nla - ok
13:48:52.0640 0540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:48:52.0640 0540 Npfs - ok
13:48:52.0750 0540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:48:52.0781 0540 Ntfs - ok
13:48:52.0796 0540 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0812 0540 NtLmSsp - ok
13:48:52.0890 0540 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:48:52.0921 0540 NtmsSvc - ok
13:48:52.0984 0540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:48:52.0984 0540 Null - ok
13:48:53.0015 0540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:48:53.0046 0540 NwlnkFlt - ok
13:48:53.0078 0540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:48:53.0093 0540 NwlnkFwd - ok
13:48:53.0203 0540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:53.0218 0540 ose - ok
13:48:53.0765 0540 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:48:54.0062 0540 osppsvc - ok
13:48:54.0187 0540 PACS Client Updater (9acf3e3e177ff477b6f17bc61d24ed31) C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
13:48:54.0187 0540 PACS Client Updater - ok
13:48:54.0359 0540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:48:54.0390 0540 Parport - ok
13:48:54.0453 0540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:48:54.0453 0540 PartMgr - ok
13:48:54.0500 0540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:48:54.0531 0540 ParVdm - ok
13:48:54.0562 0540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:48:54.0593 0540 PCI - ok
13:48:54.0609 0540 PCIDump - ok
13:48:54.0640 0540 PCIIde - ok
13:48:54.0687 0540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:48:54.0750 0540 Pcmcia - ok
13:48:54.0765 0540 PDCOMP - ok
13:48:54.0796 0540 PDFRAME - ok
13:48:54.0812 0540 PDRELI - ok
13:48:54.0828 0540 PDRFRAME - ok
13:48:54.0859 0540 perc2 - ok
13:48:54.0875 0540 perc2hib - ok
13:48:54.0968 0540 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:54.0968 0540 PlugPlay - ok
13:48:55.0031 0540 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0031 0540 PolicyAgent - ok
13:48:55.0109 0540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:48:55.0109 0540 PptpMiniport - ok
13:48:55.0125 0540 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0125 0540 ProtectedStorage - ok
13:48:55.0140 0540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:48:55.0156 0540 PSched - ok
13:48:55.0187 0540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:48:55.0187 0540 Ptilink - ok
13:48:55.0203 0540 ql1080 - ok
13:48:55.0218 0540 Ql10wnt - ok
13:48:55.0234 0540 ql12160 - ok
13:48:55.0250 0540 ql1240 - ok
13:48:55.0265 0540 ql1280 - ok
13:48:55.0296 0540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:48:55.0312 0540 RasAcd - ok
13:48:55.0359 0540 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:48:55.0359 0540 RasAuto - ok
13:48:55.0406 0540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:48:55.0406 0540 Rasl2tp - ok
13:48:55.0453 0540 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:48:55.0468 0540 RasMan - ok
13:48:55.0484 0540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:48:55.0500 0540 RasPppoe - ok
13:48:55.0515 0540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:48:55.0515 0540 Raspti - ok
13:48:55.0578 0540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:48:55.0593 0540 Rdbss - ok
13:48:55.0671 0540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:48:55.0671 0540 RDPCDD - ok
13:48:55.0750 0540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:48:55.0796 0540 RDPWD - ok
13:48:55.0875 0540 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:48:55.0890 0540 RDSessMgr - ok
13:48:55.0953 0540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:48:55.0953 0540 redbook - ok
13:48:56.0000 0540 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:48:56.0031 0540 RemoteAccess - ok
13:48:56.0078 0540 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:48:56.0093 0540 RpcLocator - ok
13:48:56.0171 0540 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:48:56.0187 0540 RpcSs - ok
13:48:56.0265 0540 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:48:56.0312 0540 RSVP - ok
13:48:56.0359 0540 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:56.0359 0540 SamSs - ok
13:48:56.0406 0540 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:48:56.0421 0540 SCardSvr - ok
13:48:56.0500 0540 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:48:56.0515 0540 Schedule - ok
13:48:56.0562 0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:48:56.0593 0540 Secdrv - ok
13:48:56.0671 0540 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:48:56.0671 0540 seclogon - ok
13:48:56.0718 0540 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:48:56.0718 0540 SENS - ok
13:48:56.0937 0540 SepMasterService (74885bdff62e537f268ebf8e8cec24bb) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
13:48:56.0937 0540 SepMasterService - ok
13:48:57.0015 0540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:48:57.0015 0540 Serial - ok
13:48:57.0078 0540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:48:57.0078 0540 Sfloppy - ok
13:48:57.0171 0540 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:48:57.0187 0540 SharedAccess - ok
13:48:57.0250 0540 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:57.0265 0540 ShellHWDetection - ok
13:48:57.0281 0540 Simbad - ok
13:48:57.0328 0540 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:48:57.0359 0540 SLIP - ok
13:48:57.0562 0540 SmcService (244687a7f63848235b8b5cc493b6caff) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
13:48:57.0750 0540 SmcService - ok
13:48:57.0828 0540 SNAC (6cd803703835cc3ea4e8d47b2517f1c1) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe
13:48:57.0890 0540 SNAC - ok
13:48:58.0171 0540 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
13:48:58.0250 0540 SNP2UVC - ok
13:48:58.0343 0540 Sparrow - ok
13:48:58.0359 0540 SPBBCDrv - ok
13:48:58.0421 0540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:48:58.0421 0540 splitter - ok
13:48:58.0484 0540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:48:58.0484 0540 Spooler - ok
13:48:58.0546 0540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:48:58.0562 0540 sr - ok
13:48:58.0656 0540 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:48:58.0703 0540 srservice - ok
13:48:58.0859 0540 SRTSP (818ff33e09c5ef86e721e1fc00154564) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS
13:48:58.0875 0540 SRTSP - ok
13:48:58.0968 0540 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
13:48:58.0984 0540 SRTSPL - ok
13:48:59.0031 0540 SRTSPX (3c01529e8b986d9dc7489f7ce8bcad91) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS
13:48:59.0046 0540 SRTSPX - ok
13:48:59.0156 0540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:48:59.0171 0540 Srv - ok
13:48:59.0218 0540 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:48:59.0234 0540 SSDPSRV - ok
13:48:59.0296 0540 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:48:59.0312 0540 StillCam - ok
13:48:59.0406 0540 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:48:59.0437 0540 stisvc - ok
13:48:59.0468 0540 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:48:59.0484 0540 streamip - ok
13:48:59.0500 0540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:48:59.0546 0540 swenum - ok
13:48:59.0593 0540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:48:59.0593 0540 swmidi - ok
13:48:59.0609 0540 SwPrv - ok
13:48:59.0640 0540 symc810 - ok
13:48:59.0656 0540 symc8xx - ok
13:48:59.0796 0540 SymDS (4f52d56310fef75249914f352dde7d13) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS
13:48:59.0859 0540 SymDS - ok
13:49:00.0015 0540 SymEFA (71b5577badcf9c9420393395601bb995) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS
13:49:00.0093 0540 SymEFA - ok
13:49:00.0171 0540 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:49:00.0171 0540 SymEvent - ok
13:49:00.0234 0540 SymIRON (7450a24afbc9b0804d0a987204ffc0f8) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS
13:49:00.0250 0540 SymIRON - ok
13:49:00.0296 0540 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:49:00.0328 0540 SYMREDRV - ok
13:49:00.0421 0540 SYMTDI (2b574c93d074222d2bc8ff9a27567bfd) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS
13:49:00.0421 0540 SYMTDI - ok
13:49:00.0437 0540 sym_hi - ok
13:49:00.0468 0540 sym_u3 - ok
13:49:00.0625 0540 SynapseUpdateSvc (8acc90c2c0f57e2892f986cc336bd0c4) C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
13:49:00.0687 0540 SynapseUpdateSvc - ok
13:49:00.0765 0540 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:49:00.0781 0540 SynTP - ok
13:49:00.0843 0540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:49:00.0859 0540 sysaudio - ok
13:49:00.0906 0540 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:49:00.0968 0540 SysmonLog - ok
13:49:01.0031 0540 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:49:01.0046 0540 TapiSrv - ok
13:49:01.0140 0540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:49:01.0156 0540 Tcpip - ok
13:49:01.0218 0540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:49:01.0250 0540 TDPIPE - ok
13:49:01.0296 0540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:49:01.0328 0540 TDTCP - ok
13:49:01.0375 0540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:49:01.0390 0540 TermDD - ok
13:49:01.0453 0540 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:49:01.0468 0540 TermService - ok
13:49:01.0531 0540 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:49:01.0546 0540 Themes - ok
13:49:01.0593 0540 TosIde - ok
13:49:01.0671 0540 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:49:01.0671 0540 TrkWks - ok
13:49:01.0734 0540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:49:01.0765 0540 Udfs - ok
13:49:01.0781 0540 ultra - ok
13:49:01.0890 0540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:49:01.0906 0540 Update - ok
13:49:01.0968 0540 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:49:01.0984 0540 upnphost - ok
13:49:02.0015 0540 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:49:02.0031 0540 UPS - ok
13:49:02.0062 0540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:49:02.0093 0540 usbccgp - ok
13:49:02.0156 0540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:49:02.0171 0540 usbehci - ok
13:49:02.0234 0540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:49:02.0265 0540 usbhub - ok
13:49:02.0312 0540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:49:02.0359 0540 usbprint - ok
13:49:02.0406 0540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:49:02.0453 0540 usbscan - ok
13:49:02.0500 0540 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:49:02.0515 0540 usbstor - ok
13:49:02.0562 0540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:49:02.0578 0540 usbuhci - ok
13:49:02.0640 0540 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:49:02.0703 0540 usbvideo - ok
13:49:02.0750 0540 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
13:49:02.0781 0540 uvclf - ok
13:49:02.0859 0540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:49:02.0859 0540 VgaSave - ok
13:49:02.0875 0540 ViaIde - ok
13:49:02.0984 0540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:49:02.0984 0540 VolSnap - ok
13:49:03.0062 0540 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:49:03.0093 0540 VSS - ok
13:49:03.0171 0540 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:49:03.0203 0540 W32Time - ok
13:49:03.0281 0540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:49:03.0281 0540 Wanarp - ok
13:49:03.0390 0540 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:49:03.0406 0540 Wdf01000 - ok
13:49:03.0421 0540 WDICA - ok
13:49:03.0500 0540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:49:03.0515 0540 wdmaud - ok
13:49:03.0562 0540 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:49:03.0578 0540 WebClient - ok
13:49:03.0703 0540 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:49:03.0718 0540 winmgmt - ok
13:49:03.0796 0540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:49:03.0828 0540 WmdmPmSN - ok
13:49:03.0921 0540 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:49:03.0984 0540 WmiApSrv - ok
13:49:04.0187 0540 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:49:04.0343 0540 WMPNetworkSvc - ok
13:49:04.0390 0540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:49:04.0406 0540 WS2IFSL - ok
13:49:04.0437 0540 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:49:04.0453 0540 wscsvc - ok
13:49:04.0500 0540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:49:04.0546 0540 WSTCODEC - ok
13:49:04.0609 0540 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:49:04.0625 0540 wuauserv - ok
13:49:04.0671 0540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:49:04.0687 0540 WudfPf - ok
13:49:04.0765 0540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:49:04.0812 0540 WudfRd - ok
13:49:04.0859 0540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:49:04.0875 0540 WudfSvc - ok
13:49:04.0984 0540 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:49:05.0000 0540 WZCSVC - ok
13:49:05.0078 0540 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:49:05.0093 0540 xmlprov - ok
13:49:05.0156 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:49:05.0984 0540 \Device\Harddisk0\DR0 - ok
13:49:06.0000 0540 Boot (0x1200) (b055a910e0d627b4724382edca5af673) \Device\Harddisk0\DR0\Partition0
13:49:06.0000 0540 \Device\Harddisk0\DR0\Partition0 - ok
13:49:06.0000 0540 ============================================================
13:49:06.0000 0540 Scan finished
13:49:06.0000 0540 ============================================================
13:49:06.0031 1528 Detected object count: 0
13:49:06.0031 1528 Actual detected object count: 0
13:50:05.0609 3268 Deinitialize success
My OTL log is :
OTL logfile created on: 5/18/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Matthew Abbott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.17 Mb Total Physical Memory | 385.97 Mb Available Physical Memory | 38.02% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 124.91 Gb Free Space | 86.67% Space Free | Partition Type: NTFS
Computer Name: ABBOTT | User Name: Matthew Abbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
PRC - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
PRC - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
PRC - [2010/10/22 16:11:44 | 000,243,072 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
PRC - [2009/12/12 00:14:58 | 000,994,216 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/06/26 17:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/05/08 20:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/04/30 14:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ========== MOD - [2012/01/12 14:18:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a437d5af\mscorlib.dll
MOD - [2012/01/12 14:18:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c543bd15\system.xml.dll
MOD - [2012/01/12 14:17:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b9393da\system.dll
MOD - [2012/01/12 14:17:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/07 14:57:24 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010/01/07 14:57:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/01/07 14:57:23 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
MOD - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/10/30 20:41:00 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)
SRV - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Auto | Running] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SPBBCDrv)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\fgtdrpog.sys -- (fgtdrpog)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012/05/15 20:19:07 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 20:19:07 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/03 01:27:14 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120517.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/25 14:40:39 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/25 14:40:39 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/04/02 19:40:10 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/25 20:12:20 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/03 05:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/27 19:45:00 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/09/27 19:45:00 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/09/13 19:46:00 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/09/08 20:24:00 | 000,370,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2011/08/27 19:48:00 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/07/16 19:48:00 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)
DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/12/09 09:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/06 02:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/14 03:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 20:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/19 05:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/11/03 19:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 22:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" =
http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1006
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614}: "URL" =
http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110802&user_guid=59ED0A5B6EA145DA9D5560E93E82EB61&machine_id=e257fc4aca42a1f3aa4283be70bce6fa&browser=IE&os=win&os_version=5.1-x86-SP3
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/16 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/05/18 13:31:13 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/05/17 17:12:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Matthew Abbott\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} Local (Synapse)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236E87B1-95E4-4041-A2ED-2E03B5E01403}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 21:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2012/05/18 13:47:58 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/17 17:32:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/17 17:29:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 16:56:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 16:56:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 16:56:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 16:56:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/15 19:36:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/12 21:41:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/12 17:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/12 16:43:32 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/12 09:22:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:26:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/10 08:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/10 07:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
[2012/05/09 22:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/05/09 21:08:57 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/05/09 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/05/09 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/05/09 21:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Application Data\TestApp
[2012/04/20 21:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PDF2Office Personal v4.0
========== Files - Modified Within 30 Days ========== [2012/05/18 15:36:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:00:03 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/05/18 13:50:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:23 | 002,107,843 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/18 13:31:09 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 13:30:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/17 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/05/17 17:29:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 17:29:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/17 17:12:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/17 16:55:26 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/17 16:15:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/17 13:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 10:33:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/17 09:00:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/16 07:40:00 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/15 20:00:06 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/13 07:47:09 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 21:43:47 | 000,445,394 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 21:43:46 | 000,073,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 21:37:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 17:03:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 09:22:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:27:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/09 21:09:43 | 000,587,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/23 14:17:56 | 000,203,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
========== Files Created - No Company Name ========== [2012/05/18 13:50:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:22 | 002,107,843 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/17 16:56:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 16:56:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 16:56:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 16:56:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 16:56:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/17 16:13:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/15 20:00:04 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/12 17:03:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/12 17:03:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/12 10:01:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/09 21:09:15 | 000,587,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/24 12:47:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 21:04:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 19:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2011/11/12 19:06:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Concentr.ini
[2011/11/12 19:06:28 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Citrix.ini
[2011/06/17 08:24:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\fusioncache.dat
[2011/06/06 16:04:39 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 14:24:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/23 16:23:01 | 000,077,620 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 04:47:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/31 18:25:36 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/05/31 18:17:36 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
< End of report >