Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help removing Backdoor.Tidserv.I!inf


  • This topic is locked This topic is locked

#1
Kal Kylen

Kal Kylen

    New Member

  • Member
  • Pip
  • 2 posts
Hello there! First post and it is on a negative note :) So yeah, I need help removing the Backdoor.Tidserv.I!inf virus on a 64bit Windows 7 machine. I have tried running Norton and Malwarebyte's Anti-Malware, but neither can do anything about it. There seem to be lots of other removal tutorials but they are for other peoples computers and I know better than to follow these guides. Any guidance would be much appreciated!

Kyle
  • 0

Advertisements


#2
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hello Kal Kylen and welcome to G2G!

My name is Cold Titanium :) , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :)

:) Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure the Use SafeList is selected for Extra Registry
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see OTL.txt, Extras.txt, and ark.txt in your next reply :)
  • 0

#3
Kal Kylen

Kal Kylen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hello Cold Titanium! Thank you for your reply! I have ran the OTL and it worked fine and saved the OTL.txt and Extras.txt files, but GMER loaded with an error message saying "C:\Windows\system32\config\system: The system cannot find the file specified." also, on the right hand panel, all the boxes are greyed until Services, Registry, and Files which are all ticked. It will scan, but shows that same error message before the scan starts, and once it is complete it says it found no wrong doings and there is no text when I save as ark.txt. Whats up with that?? Here are the OTL and Extras txts:

OTL

OTL logfile created on: 02/09/2010 21:12:12 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Kal Kylen\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 11.50 Gb Free Space | 4.94% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 74.52 Gb Total Space | 8.94 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.41 Gb Total Space | 860.25 Gb Free Space | 92.36% Space Free | Partition Type: NTFS

Computer Name: KALKYLEN
Current User Name: Kal Kylen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/02 17:58:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\OTL.exe
PRC - [2010/08/12 13:15:19 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/12 13:15:19 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/01 22:47:20 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/01/25 11:40:00 | 001,135,232 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010/01/24 23:02:16 | 005,297,072 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/19 20:40:56 | 009,900,672 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/01/19 16:43:02 | 001,060,992 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/01/15 17:41:22 | 000,863,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/28 14:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2009/03/30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2005/11/07 03:00:00 | 000,118,837 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\gigabeat room 3.0\TosGBWatcher.exe


========== Modules (SafeList) ==========

MOD - [2010/09/02 17:58:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\OTL.exe
MOD - [2010/05/26 14:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2009/12/29 07:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/26 14:35:34 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/01/13 15:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 02:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV - [2010/08/12 13:15:19 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/01 22:47:20 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/28 14:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/07/14 02:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RT2500.sys -- (RT2500)
DRV:64bit: - [2010/08/12 13:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/07/19 00:07:05 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/07/04 15:47:16 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/01 22:47:22 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/07/01 22:47:22 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/07/01 22:47:22 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2010/07/01 22:47:22 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2010/07/01 22:47:22 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/07/01 22:47:22 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/07/01 22:47:22 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/05/26 14:35:12 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/03/10 11:36:40 | 000,230,904 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/01 14:20:24 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/20 22:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/01/13 15:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 15:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 14:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/24 09:31:07 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/08/23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/08/28 21:46:10 | 000,075,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jswscimdx.sys -- (JSWSCIMD)
DRV - [2010/08/22 04:31:06 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100829.004\EX64.SYS -- (NAVEX15)
DRV - [2010/08/22 04:31:06 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100829.004\ENG64.SYS -- (NAVENG)
DRV - [2010/08/12 13:15:22 | 000,016,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/13 19:17:58 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/13 19:17:58 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 03:15:40 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100827.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 C4 40 AB 68 23 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/07/14 13:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/07/27 17:31:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/25 11:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/25 11:29:22 | 000,000,000 | ---D | M]

[2010/07/14 12:51:41 | 000,000,000 | ---D | M] -- C:\Users\Kal Kylen\AppData\Roaming\Mozilla\Extensions
[2010/09/02 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kal Kylen\AppData\Roaming\Mozilla\Firefox\Profiles\mk39oncr.default\extensions
[2010/07/31 22:55:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Kal Kylen\AppData\Roaming\Mozilla\Firefox\Profiles\mk39oncr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/19 21:13:11 | 000,002,567 | ---- | M] () -- C:\Users\Kal Kylen\AppData\Roaming\Mozilla\Firefox\Profiles\mk39oncr.default\searchplugins\askcom.xml
[2010/09/02 19:08:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TosGbWatcher] C:\Program Files (x86)\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/04 19:12:54 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18748059-84f8-11df-9e25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18748059-84f8-11df-9e25-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys (Symantec Corporation)
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys (Symantec Corporation)
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/02 19:55:49 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Local\Sunbelt Software
[2010/09/02 19:02:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\TFC.exe
[2010/09/02 17:58:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\OTL.exe
[2010/09/02 17:42:35 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/02 17:42:35 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/02 17:42:35 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/09/02 17:40:47 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/09/02 17:40:47 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/09/02 17:40:43 | 000,230,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/09/02 17:40:38 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/09/02 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/09/02 17:40:31 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\PC Tools
[2010/09/02 17:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/02 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/09/02 17:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/02 17:33:32 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Malwarebytes
[2010/09/02 17:33:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/02 17:33:23 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/02 17:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/02 17:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 17:32:54 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kal Kylen\Desktop\mbam-setup-1.46.exe
[2010/09/02 17:15:44 | 001,184,872 | ---- | C] (Piriform Ltd) -- C:\Users\Kal Kylen\Desktop\ccsetup235_slim.exe
[2010/09/02 17:05:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/01 21:03:42 | 026,083,394 | ---- | C] (TOSHIBA Corporation) -- C:\Users\Kal Kylen\Desktop\gigabeat_ver_3_full[1].exe
[2010/08/25 18:53:24 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Waves
[2010/08/25 18:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Waves Preferences
[2010/08/25 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\Desktop\New folder (2)
[2010/08/25 11:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/25 11:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/25 11:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/25 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Local\Apple
[2010/08/25 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/25 11:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/25 11:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East West
[2010/08/25 11:05:08 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\Desktop\Readme
[2010/08/25 11:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\Desktop\EWQL HardcoreBass Library
[2010/08/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDesign
[2010/08/25 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\Desktop\New folder
[2010/08/24 19:08:54 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/08/24 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/08/22 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Local\Symantec
[2010/08/20 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Spotify
[2010/08/20 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Local\Spotify
[2010/08/20 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\InstallShield
[2010/08/20 18:56:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/20 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\VST3 Presets
[2010/08/19 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\PCF-VLC
[2010/08/19 20:43:13 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\gtk-2.0
[2010/08/19 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Participatory Culture Foundation
[2010/08/19 20:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Participatory Culture Foundation
[2010/08/19 18:39:42 | 001,177,600 | ---- | C] (AD) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2010/08/19 18:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2010/08/19 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2010/08/19 18:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2010/08/19 18:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2010/08/19 17:49:04 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/19 17:49:03 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/19 17:49:03 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/19 17:48:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/19 17:48:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/19 17:48:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/19 17:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/19 17:48:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/19 17:48:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/19 00:08:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/08/19 00:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/08/19 00:06:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/19 00:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/19 00:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/08/18 22:32:14 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\Waves Audio
[2010/08/18 22:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waves
[2010/08/18 22:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/18 22:06:52 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\uTorrent
[2010/08/18 21:42:47 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Roaming\.BitTornado
[2010/08/18 21:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTornado
[2010/08/18 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\Kal Kylen\AppData\Local\WinZip
[2010/08/18 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/08/18 21:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/08/18 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/08/18 19:29:58 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/18 19:29:58 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/18 19:29:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/13 19:44:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/02 21:15:33 | 002,883,584 | -HS- | M] () -- C:\Users\Kal Kylen\ntuser.dat
[2010/09/02 21:11:58 | 000,004,453 | ---- | M] () -- C:\Users\Kal Kylen\Desktop\instructionst.rtf
[2010/09/02 21:08:10 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 21:08:10 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 19:59:58 | 000,000,236 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/09/02 19:24:09 | 000,657,073 | ---- | M] () -- C:\Users\Kal Kylen\Desktop\erunt-setup.exe
[2010/09/02 19:18:15 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/09/02 19:08:18 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/02 19:08:18 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/02 19:08:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/02 19:07:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/02 19:07:44 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/02 19:06:26 | 002,715,037 | -H-- | M] () -- C:\Users\Kal Kylen\AppData\Local\IconCache.db
[2010/09/02 19:03:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\TFC.exe
[2010/09/02 18:03:58 | 000,293,376 | ---- | M] () -- C:\Users\Kal Kylen\Desktop\e8bmg7es.exe
[2010/09/02 17:58:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kal Kylen\Desktop\OTL.exe
[2010/09/02 17:33:26 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 17:32:54 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kal Kylen\Desktop\mbam-setup-1.46.exe
[2010/09/02 17:15:47 | 001,184,872 | ---- | M] (Piriform Ltd) -- C:\Users\Kal Kylen\Desktop\ccsetup235_slim.exe
[2010/09/01 21:04:57 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\gigabeat room 3.0.lnk
[2010/09/01 20:36:35 | 000,684,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/30 22:54:33 | 000,007,598 | ---- | M] () -- C:\Users\Kal Kylen\AppData\Local\Resmon.ResmonCfg
[2010/08/30 22:44:43 | 000,001,176 | ---- | M] () -- C:\Users\Kal Kylen\Documents\What lurks....rtf
[2010/08/29 20:53:33 | 000,015,400 | ---- | M] () -- C:\Users\Kal Kylen\Desktop\services.htm
[2010/08/25 18:52:11 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\GTR 3.lnk
[2010/08/25 09:57:13 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2010/08/25 09:57:13 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/25 09:57:13 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010/08/24 19:08:55 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/22 14:33:38 | 000,524,288 | -HS- | M] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TMContainer00000000000000000002.regtrans-ms
[2010/08/22 14:33:38 | 000,524,288 | -HS- | M] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 14:33:38 | 000,065,536 | -HS- | M] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TM.blf
[2010/08/19 20:51:40 | 000,000,218 | ---- | M] () -- C:\Users\Kal Kylen\.recently-used.xbel
[2010/08/19 03:22:24 | 000,379,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/19 00:17:37 | 000,000,632 | RHS- | M] () -- C:\Users\Kal Kylen\ntuser.pol
[2010/08/19 00:06:53 | 000,001,166 | ---- | M] () -- C:\Users\Kal Kylen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/18 22:07:03 | 000,000,967 | ---- | M] () -- C:\Users\Kal Kylen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/12 13:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/08/12 13:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/08/05 17:26:04 | 000,001,589 | ---- | M] () -- C:\Users\Kal Kylen\Documents\Phase Aligning Guitar Mic's.rtf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/02 19:59:58 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/09/02 19:59:58 | 000,000,236 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/09/02 19:23:53 | 000,657,073 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\erunt-setup.exe
[2010/09/02 18:03:55 | 000,293,376 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\e8bmg7es.exe
[2010/09/02 18:01:35 | 000,004,453 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\instructionst.rtf
[2010/09/02 17:42:35 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/09/02 17:42:35 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/09/02 17:42:35 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/09/02 17:42:35 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/09/02 17:42:35 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/09/02 17:40:47 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/09/02 17:40:43 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/09/02 17:40:38 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/09/02 17:33:26 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 21:04:57 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\gigabeat room 3.0.lnk
[2010/08/30 22:44:43 | 000,001,176 | ---- | C] () -- C:\Users\Kal Kylen\Documents\What lurks....rtf
[2010/08/29 20:53:33 | 000,015,400 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\services.htm
[2010/08/25 18:52:11 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\GTR 3.lnk
[2010/08/25 11:05:09 | 034,160,757 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\HardcoreBass Setup.exe
[2010/08/25 11:05:09 | 000,016,286 | ---- | C] () -- C:\Users\Kal Kylen\Desktop\Readme.html
[2010/08/24 19:08:55 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/22 14:33:38 | 000,524,288 | -HS- | C] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TMContainer00000000000000000002.regtrans-ms
[2010/08/22 14:33:38 | 000,524,288 | -HS- | C] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 14:33:38 | 000,065,536 | -HS- | C] () -- C:\Users\Kal Kylen\ntuser.dat{ae283b67-adf1-11df-8f6e-485b391211e8}.TM.blf
[2010/08/19 20:51:40 | 000,000,218 | ---- | C] () -- C:\Users\Kal Kylen\.recently-used.xbel
[2010/08/19 00:15:38 | 000,000,632 | RHS- | C] () -- C:\Users\Kal Kylen\ntuser.pol
[2010/08/19 00:06:53 | 000,001,166 | ---- | C] () -- C:\Users\Kal Kylen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/18 22:07:03 | 000,000,967 | ---- | C] () -- C:\Users\Kal Kylen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/05 17:26:04 | 000,001,589 | ---- | C] () -- C:\Users\Kal Kylen\Documents\Phase Aligning Guitar Mic's.rtf
[2010/08/03 12:16:51 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/07/24 14:21:32 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/07/24 14:21:16 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DigiPlatformSupport.dll
[2010/07/19 10:20:35 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2.dll
[2010/07/19 10:20:35 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\libfdbio2.dll
[2010/07/19 10:20:35 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\libfdbio3.dll
[2010/07/19 10:20:35 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\libfdbiophoto.dll
[2010/07/19 10:20:35 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\libfdbio.dll
[2010/07/19 10:20:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\fdbio_vx.dll
[2010/07/14 13:31:04 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\sonicismdsp.dll
[2010/07/12 23:44:06 | 000,003,584 | ---- | C] () -- C:\Users\Kal Kylen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/12 21:59:40 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2010/07/07 21:41:48 | 000,007,598 | ---- | C] () -- C:\Users\Kal Kylen\AppData\Local\Resmon.ResmonCfg
[2010/07/01 22:18:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/01 22:18:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/01 22:18:25 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/01 22:18:25 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/01 22:17:53 | 000,044,088 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/01 22:15:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/01 22:15:17 | 000,029,653 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/02 19:59:58 | 000,000,236 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/09/02 19:18:15 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/07/29 19:30:01 | 000,030,030 | ---- | M] () -- C:\FAST.log
[2010/09/02 19:07:44 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/14 13:31:09 | 000,002,971 | ---- | M] () -- C:\install.log
[2010/07/29 19:30:07 | 000,029,138 | ---- | M] () -- C:\LEAP.log
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/02 19:07:46 | 4293,058,560 | -HS- | M] () -- C:\pagefile.sys
[2010/07/29 19:30:04 | 000,029,184 | ---- | M] () -- C:\PEAP.log
[2010/07/01 22:32:08 | 000,002,182 | ---- | M] () -- C:\RHDSetup.log
[2010/09/02 17:01:24 | 000,000,360 | ---- | M] () -- C:\rkill.log
[2010/07/01 22:42:12 | 000,000,068 | -H-- | M] () -- C:\splash.idx
[2010/02/05 22:33:34 | 000,017,232 | -H-- | M] () -- C:\version

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extras

OTL Extras logfile created on: 02/09/2010 21:12:12 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Kal Kylen\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 11.50 Gb Free Space | 4.94% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 74.52 Gb Total Space | 8.94 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.41 Gb Total Space | 860.25 Gb Free Space | 92.36% Space Free | Partition Type: NTFS

Computer Name: KALKYLEN
Current User Name: Kal Kylen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D1EE6D8-A5D7-4613-B6F7-72F56DFFB06A}" = Mikinho's Media Center Mount Image
"{2770B8D8-701A-1D22-635F-8711DFC06B92}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard
"{62803CAB-203F-6307-BCCE-27B5E5A01419}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9CE5F7AE-9D50-4BE6-A32A-00E6914BDB71}" = M-Audio Delta Driver 6.0.2 (x64)
"{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs
"Recuva" = Recuva
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{06036CDA-6B67-1338-5886-9B7DEB2491C6}" = Catalyst Control Center Graphics Full New
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1EF419E0-E1FC-2990-C86B-BBB15D51F057}" = Catalyst Control Center Graphics Full Existing
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31793A49-51CF-F0BB-9023-C268D517954D}" = Catalyst Control Center InstallProxy
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44269A82-EA1D-4191-B18B-8F69AAA90723}" = TOSHIBA gigabeat applications 3.0
"{46059418-BB80-F9D4-8DBC-813C28883022}" = CCC Help Chinese Standard
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52FB9C98-2704-DAF1-8999-11EC1C14EB3C}" = Catalyst Control Center Localization All
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5369142A-CE72-4516-AF3D-36925016D32F}" = Digidesign Pro Tools Documentation 7.3
"{5676E8F9-B222-49FB-81B7-7998D17EDC4B}" = Digidesign DigiDelivery
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58DBB693-BE6E-DA0F-42DE-3944FA9229F9}" = Catalyst Control Center HydraVision Full
"{58F3E8F1-E7CE-B5E8-AF18-C1F1B7C6FB03}" = Catalyst Control Center Graphics Previews Vista
"{669B7CF5-FC58-AE3C-EDB1-3950A5E45920}" = Catalyst Control Center Graphics Previews Common
"{6842D80E-1646-4739-A2E1-EA973A5AEFE6}" = New York Studio Legacy Vol1 MIDI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74CCE403-68F5-7CC9-967B-976229BF5180}" = CCC Help Chinese Traditional
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{82FB3E3F-1A3F-BBF2-0926-C92F6974EC91}" = Catalyst Control Center Graphics Light
"{85F82863-A6DB-E29B-6B81-4A8582180679}" = CCC Help Thai
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.16
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}" = EZplayer pro
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{9430BB20-C04E-4DC3-A64A-A1D1F4E695A5}" = TOSHIBA gigabeat applications 3.0
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}" = Miroslav Philharmonik Instruments
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6C8C801-5CDE-4A58-87B3-5D9DB775B33F}" = Metal Foundry SDX MIDI
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{CF8C33F5-9279-5A08-7EA0-5624E6D5AD55}" = Catalyst Control Center Core Implementation
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E59F4CC1-E338-7141-5B1C-1F4ADF371A87}" = CCC Help Swedish
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F00B33C1-9F1C-FEA5-52EF-EE612E498D8D}" = CCC Help Turkish
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTornado" = BitTornado 0.3.17
"Browser Defender_is1" = Browser Defender 2.0.6.15
"FabFilter Pro-C 1.14 (64-bit)" = FabFilter Pro-C 1.14 (64-bit)
"FabFilter Pro-Q 1.04 (64-bit)" = FabFilter Pro-Q 1.04 (64-bit)
"FabFilter Total Bundle (64-bit)" = FabFilter Total Bundle (64-bit)
"GlaceVerb_is1" = GlaceVerb 1.01
"iZotope Ozone 3_is1" = iZotope Ozone 3
"iZotope RX_is1" = iZotope RX
"iZotope Trash_is1" = iZotope Trash
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Miro" = Miro
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Native Instruments - Rig Kontrol 3 Driver" = Native Instruments - Rig Kontrol 3 Driver
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"NIS" = Norton Internet Security
"PowerISO" = PowerISO
"Reason Adapted M-Audio Express_is1" = Reason Adapted M-Audio Express 2.5
"Spyware Doctor" = Spyware Doctor 7.0
"Steinberg Cubase SX v2.2.0.33" = Steinberg Cubase SX v2.2.0.33
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"uTorrent" = µTorrent
"Vintage Vocoder 1.03 Build 1" = Vintage Vocoder 1.03 Build 1
"Waves GTR 3" = Waves GTR 3
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/09/2010 15:03:05 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:03:05 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:03:10 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:03:10 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:03:15 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:07:11 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:07:26 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 15:16:43 | Computer Name = KalKylen | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14bc Start
Time: 01cb4ad2b222e915 Termination Time: 4 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 9b95e462-b6c6-11df-9d4e-485b391211e8

Error - 02/09/2010 16:09:17 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 02/09/2010 16:09:32 | Computer Name = KalKylen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

[ System Events ]
Error - 25/08/2010 00:21:56 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:21:59 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:01 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:04 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:07 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:10 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:13 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:16 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:19 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 25/08/2010 00:22:21 | Computer Name = KalKylen | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.


< End of report >


Thanks in advance!

Kyle
  • 0

#4
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hi,

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP