Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ie8 Search engine redirect


  • This topic is locked This topic is locked

#1
dappy

dappy

    Member

  • Member
  • PipPip
  • 13 posts
Using IE8, when clicking on links in Google search results or bing search results, I get redirected to random websites. Firefox was doing the same thing. I also had a fake lsass.exe started by winlogin. That was pretty neat, it would close the explorer window when I tried to navigate to the common\shared directory (or whatever the name was of the directory it resided in). I ran spybot-sd, malwarebytes, and superAntispyware. All found threats and fixed them (got rid of the lsass.exe), but i'm still getting the redirects on IE8. Firefox is now fine. Today I followed the Google Redirect Fix directions posted in this forum: OTM, Goored, and TDSSKiller. TDSSKiller did find and remove Rootkit.Win32.TDSS.tdl4. After rebooting, IE8 still has the redirect problem.
More information: Windows is telling me that Security Center can't be started. When I try to start it, it shuts down again. I can't start MS Sec. Essentials either.

OTL mentions Trojan:DOS/Alureon.A at the end of the log...

Here are the OTL logs:

OTL logfile created on: 12/20/2010 6:37:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Andrew and Terri\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 521.94 Gb Free Space | 74.71% Space Free | Partition Type: NTFS
Drive D: | 71.22 Gb Total Space | 31.90 Gb Free Space | 44.79% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SPOONERHOME | User Name: Andrew and Terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
PRC - [2010/12/14 15:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/14 08:10:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/14 08:10:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/16 09:45:20 | 000,043,424 | ---- | M] () -- C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2010/09/28 20:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/28 20:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/04/09 13:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Xerox External Access Network\NvcRpcSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/28 20:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/06/03 06:41:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/04/09 13:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Xerox External Access Network\NvcRpcSvr.exe -- (NvcRpcServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ntnvca.sys -- (NT_NvcA)
DRV - [2010/09/28 21:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/28 20:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/08 14:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/08/16 05:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/04/09 13:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/09 13:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/09 13:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 F0 93 1B C0 9C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/26 20:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 08:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 08:10:10 | 000,000,000 | ---D | M]

[2010/06/01 21:08:48 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Extensions
[2010/12/20 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions
[2010/10/21 05:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/07/18 17:03:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\[email protected]
[2010/07/18 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\[email protected]
[2010/12/20 18:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 09:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 06:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/26 17:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/18 07:51:55 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/20 18:09:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/02/09 09:32:47 | 000,000,045 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{62a94b86-6e02-11df-8f9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{62a94b86-6e02-11df-8f9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunMeWIN.exe -- [2004/03/12 16:35:29 | 003,225,049 | ---- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 18:35:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
[2010/12/20 15:09:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew and Terri\Desktop\TDSSKiller.exe
[2010/12/20 15:08:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\GooredFix Backups
[2010/12/20 15:08:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andrew and Terri\Desktop\GooredFix.exe
[2010/12/20 14:47:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/20 14:46:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTM.exe
[2010/12/20 14:45:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/20 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\junk
[2010/12/19 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/19 21:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/19 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/19 21:37:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Malwarebytes
[2010/12/19 21:37:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/19 21:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/19 21:36:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 21:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/19 08:38:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\backups
[2010/12/19 08:22:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Andrew and Terri\Desktop\HijackThis.exe
[2010/12/18 12:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/18 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/18 07:51:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Services Shared
[2010/12/15 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Documents\LightroomOutput
[2010/12/14 22:22:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\Adobe
[2010/12/05 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Sony Corporation
[2010/12/03 22:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/03 22:00:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\InstallShield
[2010/12/02 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Zz
[2010/12/02 06:37:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Microsoft FxCop
[2010/11/26 20:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/11/26 20:51:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Yahoo!
[2010/11/26 20:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/11/26 20:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/11/26 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/26 14:25:30 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\TortoiseHg
[2010/11/26 13:50:36 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\.android
[2010/11/26 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\.eclipse
[2010/11/26 13:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/11/26 13:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseHg
[2010/11/26 13:40:25 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Local\Eclipse
[2010/10/31 09:11:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
[2010/12/20 18:18:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 18:18:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 18:16:02 | 000,726,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 18:16:02 | 000,145,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/20 18:11:48 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\qovuwvuhp.job
[2010/12/20 18:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/20 18:11:41 | 2414,460,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 18:09:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/20 15:09:35 | 001,232,020 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\tdsskiller.zip
[2010/12/20 15:08:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andrew and Terri\Desktop\GooredFix.exe
[2010/12/20 14:46:32 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTM.exe
[2010/12/20 06:25:30 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/12/19 21:52:54 | 000,001,973 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/19 21:37:03 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/19 08:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Andrew and Terri\Desktop\HijackThis.exe
[2010/12/18 22:22:28 | 000,007,591 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Resmon.ResmonCfg
[2010/12/18 13:13:34 | 000,000,131 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/18 12:25:49 | 000,001,252 | ---- | M] () -- C:\Users\Andrew and Terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/18 12:25:49 | 000,001,228 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\Spybot - Search & Destroy.lnk
[2010/12/18 11:46:36 | 000,000,120 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Nxedeyojiyedoh.dat
[2010/12/18 11:46:36 | 000,000,000 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Mqexewoqan.bin
[2010/12/18 07:50:52 | 000,126,464 | RHS- | M] () -- C:\Windows\System32\msiltcfg1.dll
[2010/12/16 18:23:25 | 000,000,117 | ---- | M] () -- C:\Users\Andrew and Terri\jagex_runescape_preferences2.dat
[2010/12/16 18:23:24 | 000,000,046 | ---- | M] () -- C:\Users\Andrew and Terri\jagex_runescape_preferences.dat
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew and Terri\Desktop\TDSSKiller.exe
[2010/12/16 03:24:45 | 000,449,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 14:37:40 | 000,002,046 | -H-- | M] () -- C:\Users\Andrew and Terri\Documents\Default.rdp
[2010/12/14 13:31:09 | 000,000,600 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\PUTTY.RND
[2010/12/03 22:02:38 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\NEX-5 Handbook (PDF).lnk
[2010/12/03 22:01:20 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Image Data Converter SR Ver. 3.lnk
[2010/12/03 22:01:20 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Image Data Lightbox SR.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 20:00:10 | 000,017,008 | ---- | M] () -- C:\Users\Andrew and Terri\Documents\My Movie.wlmp
[2010/11/26 21:05:36 | 000,202,627 | ---- | M] () -- C:\Windows\hpoins18.dat
[2010/11/26 20:50:31 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/11/26 20:49:50 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/11/26 20:49:39 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/11/26 20:49:19 | 000,002,077 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/26 17:53:11 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/26 14:25:53 | 000,000,072 | ---- | M] () -- C:\Users\Andrew and Terri\mercurial.ini
[2010/11/25 09:58:15 | 116,435,000 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\Shawna Wedding Reception 2010_11_25_09_51_39.wmv

========== Files Created - No Company Name ==========

[2010/12/20 15:09:31 | 001,232,020 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\tdsskiller.zip
[2010/12/19 21:52:54 | 000,001,973 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/19 21:37:03 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 13:13:34 | 000,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/18 12:25:49 | 000,001,252 | ---- | C] () -- C:\Users\Andrew and Terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/18 12:25:49 | 000,001,228 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\Spybot - Search & Destroy.lnk
[2010/12/18 11:46:36 | 000,000,120 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\Nxedeyojiyedoh.dat
[2010/12/18 11:46:36 | 000,000,000 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\Mqexewoqan.bin
[2010/12/18 07:50:52 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\qovuwvuhp.job
[2010/12/18 07:50:51 | 000,126,464 | RHS- | C] () -- C:\Windows\System32\msiltcfg1.dll
[2010/12/14 22:22:26 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/12/03 22:02:38 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\NEX-5 Handbook (PDF).lnk
[2010/12/03 22:01:20 | 000,002,352 | ---- | C] () -- C:\Users\Public\Desktop\Image Data Converter SR Ver. 3.lnk
[2010/12/03 22:01:20 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Image Data Lightbox SR.lnk
[2010/11/28 20:00:10 | 000,017,008 | ---- | C] () -- C:\Users\Andrew and Terri\Documents\My Movie.wlmp
[2010/11/26 20:50:31 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/11/26 20:49:50 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/11/26 20:49:39 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/11/26 20:49:19 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/26 20:45:01 | 000,202,627 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/26 20:45:01 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/11/26 18:04:29 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2010/11/26 14:25:30 | 000,000,072 | ---- | C] () -- C:\Users\Andrew and Terri\mercurial.ini
[2010/11/25 17:51:36 | 116,435,000 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\Shawna Wedding Reception 2010_11_25_09_51_39.wmv
[2010/10/31 09:12:08 | 000,000,034 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.log
[2010/10/31 09:11:14 | 000,087,608 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\inst.exe
[2010/10/31 09:11:14 | 000,007,887 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.cat
[2010/10/31 09:11:14 | 000,001,144 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.inf
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/09 17:08:38 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/06/05 15:48:55 | 000,010,147 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/03 21:01:12 | 000,000,600 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\PUTTY.RND
[2010/06/02 20:58:44 | 000,007,591 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\Resmon.ResmonCfg
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:24:44 | 000,003,584 | ---- | C] () -- C:\Windows\System32\kb.dll
[2007/08/08 11:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2004/03/23 15:49:48 | 000,131,072 | ---- | C] () -- C:\Windows\System32\sfarkxt.dll
[2004/03/23 15:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\System32\SFARKL.DLL

========== LOP Check ==========

[2010/08/21 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/08/23 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Disney.Vacation.Connection.460.73ACE317F4A7B83CB919AF282FBA5D3D96899CDE.1
[2010/09/25 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\FreeStone Group
[2010/07/23 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\ImgBurn
[2010/07/12 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Leadertech
[2010/10/11 06:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Unity
[2010/10/31 09:12:13 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Vso
[2010/10/27 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Windows Live Writer
[2010/12/20 06:25:30 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/12/20 18:11:48 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\qovuwvuhp.job
[2009/07/13 23:53:46 | 000,016,904 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 12/20/2010 6:37:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Andrew and Terri\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 521.94 Gb Free Space | 74.71% Space Free | Partition Type: NTFS
Drive D: | 71.22 Gb Total Space | 31.90 Gb Free Space | 44.79% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SPOONERHOME | User Name: Andrew and Terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0129B1E0-FC2A-219C-2B55-F81845719BB6}" = CCC Help English
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{23958263-D500-BCB3-0B3A-A3E47ED9DC34}" = Catalyst Control Center Graphics Previews Vista
"{23DC238B-717A-4AE0-A902-B4230A1F7A93}" = Mercurial Source Control Package
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63522C0C-CDAF-D873-08F1-D9CA9EFF3EA5}" = Catalyst Control Center InstallProxy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{68C536DD-E4C5-E7AA-ED80-C387AB33A53C}" = ccc-core-static
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E7F1130-F68A-46A1-96ED-5BFE51A3A605}" = Backyard Baseball 2005
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99053CC3-A74B-BC9C-1AF2-1ADE8AEEC9FB}" = ccc-utility
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6B057C-96B5-3437-9692-7B9C401C498E}" = Disney Vacation Connection
"{9EBFB7D8-89A8-40FD-B474-E981590CAE8D}" = TortoiseHg 1.1.6 (x86)
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DA5B06-E1A8-A0F7-84A9-52545C2FDD21}" = AMD Drag and Drop Transcoding
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EADE5897-3567-7D85-7236-6F458689D18F}" = ATI Catalyst Install Manager
"{EB26B5EB-E020-ACCE-4FF7-BA8ECA7E7758}" = WMV9/VC-1 Video Playback
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = XEAN Extranet Access Client
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F400E4F2-DC34-33D6-E065-316ED121101D}" = Catalyst Control Center Graphics Previews Common
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.9.2
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazing Slow Downer EE" = Amazing Slow Downer (remove only)
"ATITool" = ATITool Overclocking Utility
"AutoHotkey" = AutoHotkey 1.0.48.05
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney.Vacation.Connection.460.73ACE317F4A7B83CB919AF282FBA5D3D96899CDE.1" = Disney Vacation Connection
"DVDFab Platinum_is1" = DVDFab Platinum 3.1.1.2 Ghosthunter release
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Monster Trucks Nitro" = Monster Trucks Nitro
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa 3" = Picasa 3
"PRO" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"Scooby-Doo™, Phantom of the Knight™" = Scooby-Doo™, Phantom of the Knight™
"Shop for HP Supplies" = Shop for HP Supplies
"SmartMusic Content" = SmartMusic Content (shared music files)
"SmartMusic for Essential Elements 2000 Band Book 1 Student Edition" = SmartMusic for Essential Elements 2000 Band Book 1 Student Edition
"Video Card Stability Test" = Video Card Stability Test
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Clone Wars" = Clone Wars
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2010 10:00:40 AM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xc2c Faulting application start time: 0x01cb9f850ac6a020 Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: 5c81f3e8-0b78-11e0-a9e5-444553544200

Error - 12/19/2010 11:40:21 AM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xbf4 Faulting application start time: 0x01cb9f92fdfbed93 Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: 4933d501-0b86-11e0-ad56-444553544200

Error - 12/19/2010 10:50:17 PM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xba0 Faulting application start time: 0x01cb9ff09013de33 Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: e00fc82f-0be3-11e0-8cf6-444553544200

Error - 12/20/2010 1:32:48 AM | Computer Name = SpoonerHome | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/20/2010 1:32:48 AM | Computer Name = SpoonerHome | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/20/2010 7:49:01 AM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xc24 Faulting application start time: 0x01cba03bdc8ff33b Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: 227e7988-0c2f-11e0-ace0-444553544200

Error - 12/20/2010 4:05:44 PM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xa44 Faulting application start time: 0x01cba08138ebf38e Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: 8671560e-0c74-11e0-b33d-444553544200

Error - 12/20/2010 4:17:47 PM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0x664 Faulting application start time: 0x01cba082ec589e97 Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: 35851dfb-0c76-11e0-b3e5-444553544200

Error - 12/20/2010 4:25:27 PM | Computer Name = SpoonerHome | Source = Application Hang | ID = 1002
Description = The program notepad.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1364 Start
Time: 01cba083f71180a2 Termination Time: 14 Application Path: C:\Windows\system32\notepad.exe

Report
Id: 45800e0d-0c77-11e0-b3e5-444553544200

Error - 12/20/2010 7:12:44 PM | Computer Name = SpoonerHome | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: HpqCPTA.dll, version: 12.0.0.223, time stamp:
0x4880551c Exception code: 0xc0000005 Fault offset: 0x00009d20 Faulting process id:
0xcfc Faulting application start time: 0x01cba09b5d7a78c8 Faulting application path:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path: C:\Program
Files\HP\Digital Imaging\bin\HpqCPTA.dll Report Id: a6368176-0c8e-11e0-ad6b-444553544200

[ System Events ]
Error - 11/27/2010 7:24:05 AM | Computer Name = SpoonerHome | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 11/27/2010 7:24:05 AM | Computer Name = SpoonerHome | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 11/27/2010 7:24:06 AM | Computer Name = SpoonerHome | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 11/27/2010 7:24:06 AM | Computer Name = SpoonerHome | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 11/28/2010 8:39:20 PM | Computer Name = SpoonerHome | Source = DCOM | ID = 10010
Description =

Error - 12/16/2010 4:00:24 AM | Computer Name = SpoonerHome | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 12/18/2010 8:52:02 AM | Computer Name = SpoonerHome | Source = Service Control Manager | ID = 7000
Description = The IKE and AuthIP IPsec Keying Modules service failed to start due
to the following error: %%776

Error - 12/18/2010 9:00:24 AM | Computer Name = SpoonerHome | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.1996.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 12/18/2010 9:18:27 AM | Computer Name = SpoonerHome | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949

User:
NT AUTHORITY\SYSTEM Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category:
Trojan Path: boot:\Device\Harddisk1\DR1\(MBR) Action: %%808 Error Code: 0x800704ec

Error
description: This program is blocked by group policy. For more information, contact
your system administrator. Status: To finish removing spyware and other potentially
unwanted software, restart the computer. To see how to finish removing spyware
and other potentially unwanted software, see this support article on the Microsoft
Security website. Signature Version: AV: 1.95.1996.0, AS: 1.95.1996.0 Engine Version:
1.1.6402.0

Error - 12/18/2010 12:45:16 PM | Computer Name = SpoonerHome | Source = DCOM | ID = 10010
Description =


< End of report >


Thanks for any help!

Edited by dappy, 23 December 2010 - 11:17 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry for the delay - lets run a quick and dirty fix first

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/12/18 11:46:36 | 000,000,120 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Nxedeyojiyedoh.dat
    [2010/12/18 11:46:36 | 000,000,000 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Mqexewoqan.bin
    [2010/12/18 07:50:52 | 000,126,464 | RHS- | M] () -- C:\Windows\System32\msiltcfg1.dll
    [2010/12/20 18:11:48 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\qovuwvuhp.job
    [2010/12/20 06:25:30 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

FINALLY

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#3
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, thanks for the reply.

OTL is stuck resetting HOSTS file, it seems. It raised an error message stating "cannot create C:\windows\System32\drivers\etc\hosts". I clicked OK, and it's just sitting here. Should I reboot?

-------------

Ok, rebooted. Windows came up... finally. I ran OTL Run Scan, here is the log:

OTL logfile created on: 12/27/2010 8:45:42 PM - Run 3
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Andrew and Terri\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.25 Gb Total Space | 53.52 Gb Free Space | 39.86% Space Free | Partition Type: NTFS
Drive D: | 71.22 Gb Total Space | 11.33 Gb Free Space | 15.90% Space Free | Partition Type: NTFS
Drive G: | 564.38 Gb Total Space | 507.81 Gb Free Space | 89.98% Space Free | Partition Type: NTFS

Computer Name: SPOONERHOME | User Name: Andrew and Terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/23 11:40:28 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/12/23 11:40:22 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
PRC - [2010/12/14 15:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/14 08:10:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/14 08:10:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/16 09:45:20 | 000,043,424 | ---- | M] () -- C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2010/09/28 20:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/28 20:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/04/09 13:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Xerox External Access Network\NvcRpcSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/23 11:40:22 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/09/28 20:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/06/03 06:41:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/04/09 13:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Xerox External Access Network\NvcRpcSvr.exe -- (NvcRpcServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ntnvca.sys -- (NT_NvcA)
DRV - [2010/09/28 21:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/28 20:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/08 14:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/08/16 05:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/04/09 13:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/09 13:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/09 13:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 F0 93 1B C0 9C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/26 20:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 08:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 08:10:10 | 000,000,000 | ---D | M]

[2010/06/01 21:08:48 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Extensions
[2010/12/27 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions
[2010/10/21 05:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/07/18 17:03:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\[email protected]
[2010/07/18 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\extensions\[email protected]
[2010/12/27 13:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 09:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 06:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/26 17:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/18 07:51:55 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/23 20:59:42 | 000,000,138 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 20:38:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Documents\Image Data Converter SR
[2010/12/27 19:40:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/23 20:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/12/23 20:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/12/23 20:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/12/23 12:04:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\newstuf
[2010/12/23 11:40:18 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2010/12/23 11:40:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2010/12/23 11:40:14 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2010/12/23 11:40:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2010/12/23 11:40:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2010/12/23 11:40:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2010/12/23 11:40:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2010/12/23 11:40:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2010/12/23 11:40:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2010/12/23 11:40:12 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2010/12/23 11:40:10 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2010/12/23 11:40:10 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2010/12/22 07:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/12/20 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\EurekaLog
[2010/12/20 18:35:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
[2010/12/20 15:09:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew and Terri\Desktop\TDSSKiller.exe
[2010/12/20 15:08:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\GooredFix Backups
[2010/12/20 15:08:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Andrew and Terri\Desktop\GooredFix.exe
[2010/12/20 14:47:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/20 14:46:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTM.exe
[2010/12/20 14:45:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/20 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\junk
[2010/12/19 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/19 21:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/19 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/19 21:37:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Malwarebytes
[2010/12/19 21:37:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/19 21:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/19 21:36:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 21:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/19 08:38:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\backups
[2010/12/19 08:22:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Andrew and Terri\Desktop\HijackThis.exe
[2010/12/18 12:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/18 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/18 07:51:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Services Shared
[2010/12/15 15:28:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 15:28:41 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 15:28:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 15:28:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 15:28:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 15:28:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 15:28:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 15:28:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 15:28:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 15:28:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 15:28:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 15:28:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 15:28:07 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 15:28:07 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 15:28:07 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 15:28:07 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/15 15:27:40 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 15:27:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 15:27:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/15 15:26:00 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 15:24:55 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Documents\LightroomOutput
[2010/12/14 22:22:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\Desktop\Adobe
[2010/12/05 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Sony Corporation
[2010/12/03 22:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/03 22:00:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\InstallShield
[2010/12/02 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Zz
[2010/12/02 06:37:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew and Terri\AppData\Roaming\Microsoft FxCop
[2010/10/31 09:11:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/27 20:40:41 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 20:40:41 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 20:37:49 | 000,726,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 20:37:49 | 000,145,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 20:34:00 | 000,000,976 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/27 20:33:34 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\qovuwvuhp.job
[2010/12/27 20:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 20:33:26 | 207,851,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/27 20:33:24 | 2414,460,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/23 20:59:42 | 000,000,138 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/23 11:40:18 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2010/12/23 11:40:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2010/12/23 11:40:14 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2010/12/23 11:40:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2010/12/23 11:40:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2010/12/23 11:40:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2010/12/23 11:40:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2010/12/23 11:40:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2010/12/23 11:40:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2010/12/23 11:40:12 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2010/12/23 11:40:10 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2010/12/23 11:40:10 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2010/12/22 07:50:15 | 000,001,382 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2010/12/21 20:33:41 | 000,001,586 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\CubScouts - Shortcut.lnk
[2010/12/20 18:35:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTL.exe
[2010/12/20 15:09:35 | 001,232,020 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\tdsskiller.zip
[2010/12/20 15:08:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Andrew and Terri\Desktop\GooredFix.exe
[2010/12/20 14:46:32 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew and Terri\Desktop\OTM.exe
[2010/12/19 21:52:54 | 000,001,973 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/19 21:37:03 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/19 08:22:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Andrew and Terri\Desktop\HijackThis.exe
[2010/12/18 22:22:28 | 000,007,591 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\Resmon.ResmonCfg
[2010/12/18 13:13:34 | 000,000,131 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/18 12:25:49 | 000,001,228 | ---- | M] () -- C:\Users\Andrew and Terri\Desktop\Spybot - Search & Destroy.lnk
[2010/12/18 07:50:52 | 000,126,464 | RHS- | M] () -- C:\Windows\System32\msiltcfg1.dll
[2010/12/16 18:23:25 | 000,000,117 | ---- | M] () -- C:\Users\Andrew and Terri\jagex_runescape_preferences2.dat
[2010/12/16 18:23:24 | 000,000,046 | ---- | M] () -- C:\Users\Andrew and Terri\jagex_runescape_preferences.dat
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew and Terri\Desktop\TDSSKiller.exe
[2010/12/16 03:24:45 | 000,449,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 14:37:40 | 000,002,046 | -H-- | M] () -- C:\Users\Andrew and Terri\Documents\Default.rdp
[2010/12/14 13:31:09 | 000,000,600 | ---- | M] () -- C:\Users\Andrew and Terri\AppData\Local\PUTTY.RND
[2010/12/03 22:02:38 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\NEX-5 Handbook (PDF).lnk
[2010/12/03 22:01:20 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Image Data Converter SR Ver. 3.lnk
[2010/12/03 22:01:20 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Image Data Lightbox SR.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 20:00:10 | 000,017,008 | ---- | M] () -- C:\Users\Andrew and Terri\Documents\My Movie.wlmp

========== Files Created - No Company Name ==========

[2010/12/27 20:33:50 | 000,000,976 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/12/27 20:33:26 | 207,851,175 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/22 07:27:20 | 000,001,382 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2010/12/22 07:24:10 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/12/22 07:24:10 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/12/22 07:24:10 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/12/22 07:24:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/12/22 07:24:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/12/21 20:33:41 | 000,001,586 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\CubScouts - Shortcut.lnk
[2010/12/20 15:09:31 | 001,232,020 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\tdsskiller.zip
[2010/12/19 21:52:54 | 000,001,973 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/19 21:37:03 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 13:13:34 | 000,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/18 12:25:49 | 000,001,228 | ---- | C] () -- C:\Users\Andrew and Terri\Desktop\Spybot - Search & Destroy.lnk
[2010/12/18 07:50:52 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\qovuwvuhp.job
[2010/12/18 07:50:51 | 000,126,464 | RHS- | C] () -- C:\Windows\System32\msiltcfg1.dll
[2010/12/03 22:02:38 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\NEX-5 Handbook (PDF).lnk
[2010/12/03 22:01:20 | 000,002,352 | ---- | C] () -- C:\Users\Public\Desktop\Image Data Converter SR Ver. 3.lnk
[2010/12/03 22:01:20 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Image Data Lightbox SR.lnk
[2010/11/28 20:00:10 | 000,017,008 | ---- | C] () -- C:\Users\Andrew and Terri\Documents\My Movie.wlmp
[2010/10/31 09:12:08 | 000,000,034 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.log
[2010/10/31 09:11:14 | 000,087,608 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\inst.exe
[2010/10/31 09:11:14 | 000,007,887 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.cat
[2010/10/31 09:11:14 | 000,001,144 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Roaming\pcouffin.inf
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/09 17:08:38 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/06/05 15:48:55 | 000,010,147 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/03 21:01:12 | 000,000,600 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\PUTTY.RND
[2010/06/02 20:58:44 | 000,007,591 | ---- | C] () -- C:\Users\Andrew and Terri\AppData\Local\Resmon.ResmonCfg
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/08/08 11:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2004/03/23 15:49:48 | 000,131,072 | ---- | C] () -- C:\Windows\System32\sfarkxt.dll
[2004/03/23 15:49:47 | 000,068,096 | ---- | C] () -- C:\Windows\System32\SFARKL.DLL

< End of report >

I'm assuming OTL bombed because I've run a bunch of other stuff since the original log was posted?

Thanks,
Andrew

Edited by dappy, 27 December 2010 - 07:55 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you run TDSSKiller and combofix yet ?

If not run this OTL fix and then run the other two programmes, if you have run them then post the logs please and let me know if you are still getting redirected

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: ˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t
    O1 - Hosts: : : 1 l o c a l h o s t
    O4 - HKLM..\Run: [] File not found
    [2010/12/02 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Zz
    [2010/12/27 20:33:34 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\qovuwvuhp.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL hung again. "Processing 01 - Hosts: 127.0.0.1 localhost"...

I had (previous to my first post) run all of the directions in the "Google Redirect Fix" topic in this forum. Is there a way to recover from this hang other than a reboot?

Thanks,
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No reboot please. I would like you to re-run both TDSSKiller and Combofix as I will need to see what the logs state

Also we will need to reset the Host file

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

  • 0

#7
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Well, OTL kills explorer, etc. What should I run from task manager to "re-enable" windows, such that I can rerun TDSK, etc? (I have no task bar or menus right now, I'm posting using my other pc).

Thanks!

---

Duh.. explorer! :D

ok, running the stuff again...

Edited by dappy, 28 December 2010 - 02:08 PM.

  • 0

#8
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the latest TDSSKiller log:

2010/12/28 15:10:22.0145 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 15:10:22.0145 ================================================================================
2010/12/28 15:10:22.0145 SystemInfo:
2010/12/28 15:10:22.0145
2010/12/28 15:10:22.0145 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/28 15:10:22.0145 Product type: Workstation
2010/12/28 15:10:22.0145 ComputerName: SPOONERHOME
2010/12/28 15:10:22.0147 UserName: Andrew and Terri
2010/12/28 15:10:22.0147 Windows directory: C:\Windows
2010/12/28 15:10:22.0147 System windows directory: C:\Windows
2010/12/28 15:10:22.0147 Processor architecture: Intel x86
2010/12/28 15:10:22.0147 Number of processors: 2
2010/12/28 15:10:22.0147 Page size: 0x1000
2010/12/28 15:10:22.0147 Boot type: Normal boot
2010/12/28 15:10:22.0147 ================================================================================
2010/12/28 15:10:26.0960 Initialize success
2010/12/28 15:10:31.0626 ================================================================================
2010/12/28 15:10:31.0626 Scan started
2010/12/28 15:10:31.0626 Mode: Manual;
2010/12/28 15:10:31.0626 ================================================================================
2010/12/28 15:10:34.0155 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/28 15:10:34.0189 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/28 15:10:34.0216 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/28 15:10:34.0250 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/28 15:10:34.0302 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/28 15:10:34.0331 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/28 15:10:34.0397 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/28 15:10:34.0424 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/28 15:10:34.0449 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/28 15:10:34.0485 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/28 15:10:34.0544 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/28 15:10:34.0573 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/28 15:10:34.0601 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/28 15:10:34.0752 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/28 15:10:34.0902 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/28 15:10:34.0929 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/28 15:10:34.0960 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/28 15:10:34.0993 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/28 15:10:35.0035 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/28 15:10:35.0070 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/28 15:10:35.0152 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/28 15:10:35.0180 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/28 15:10:35.0237 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/28 15:10:35.0258 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/28 15:10:35.0320 AtiHDAudioService (35207458c90f55c61247de139a6a243a) C:\Windows\system32\drivers\AtihdW73.sys
2010/12/28 15:10:35.0366 ATITool (d4ed96ac2fafee2c697436b9a2871cd3) C:\Windows\system32\DRIVERS\ATITool.sys
2010/12/28 15:10:35.0430 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/28 15:10:35.0469 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/28 15:10:35.0514 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/28 15:10:35.0566 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/28 15:10:35.0588 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/28 15:10:35.0610 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/28 15:10:35.0637 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/28 15:10:35.0668 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/28 15:10:35.0693 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/28 15:10:35.0714 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/28 15:10:35.0743 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/28 15:10:35.0772 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/28 15:10:35.0808 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/28 15:10:35.0845 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/28 15:10:35.0877 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/28 15:10:35.0918 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/28 15:10:35.0968 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/28 15:10:35.0992 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/28 15:10:36.0028 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/28 15:10:36.0063 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/28 15:10:36.0088 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/28 15:10:36.0117 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/28 15:10:36.0182 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/28 15:10:36.0247 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/28 15:10:36.0276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/28 15:10:36.0320 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/28 15:10:36.0387 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/28 15:10:36.0439 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/28 15:10:36.0483 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2010/12/28 15:10:36.0533 Eacfilt (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys
2010/12/28 15:10:36.0618 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/28 15:10:36.0726 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/28 15:10:36.0766 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/28 15:10:36.0829 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2010/12/28 15:10:36.0855 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/28 15:10:36.0916 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2010/12/28 15:10:36.0975 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/28 15:10:37.0003 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/28 15:10:37.0058 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/28 15:10:37.0106 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/28 15:10:37.0131 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/28 15:10:37.0170 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/28 15:10:37.0205 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/28 15:10:37.0251 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/28 15:10:37.0292 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/12/28 15:10:37.0328 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/28 15:10:37.0363 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/28 15:10:37.0401 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/28 15:10:37.0449 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/28 15:10:37.0486 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/28 15:10:37.0519 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/28 15:10:37.0543 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/28 15:10:37.0571 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/28 15:10:37.0608 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/28 15:10:37.0642 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/28 15:10:37.0712 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/28 15:10:37.0770 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/28 15:10:37.0800 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/28 15:10:37.0825 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/28 15:10:37.0865 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/28 15:10:38.0002 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/28 15:10:38.0099 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/28 15:10:38.0136 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/28 15:10:38.0171 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/28 15:10:38.0204 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/28 15:10:38.0242 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/28 15:10:38.0271 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/28 15:10:38.0326 IPSECEXT (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
2010/12/28 15:10:38.0349 IPSECSHM (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
2010/12/28 15:10:38.0381 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/28 15:10:38.0426 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys
2010/12/28 15:10:38.0456 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/28 15:10:38.0485 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/28 15:10:38.0527 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/28 15:10:38.0564 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/28 15:10:38.0600 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/28 15:10:38.0636 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/28 15:10:38.0716 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/28 15:10:38.0768 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/28 15:10:38.0795 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/28 15:10:38.0824 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/28 15:10:38.0851 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/28 15:10:38.0872 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/28 15:10:38.0909 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/28 15:10:38.0941 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/28 15:10:38.0981 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/28 15:10:39.0017 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/28 15:10:39.0053 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/28 15:10:39.0080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/28 15:10:39.0172 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/28 15:10:39.0224 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/28 15:10:39.0254 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/28 15:10:39.0283 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/28 15:10:39.0309 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/28 15:10:39.0351 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/28 15:10:39.0385 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/28 15:10:39.0413 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/28 15:10:39.0444 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/28 15:10:39.0469 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/28 15:10:39.0491 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/28 15:10:39.0547 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/28 15:10:39.0574 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/28 15:10:39.0596 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/28 15:10:39.0650 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/28 15:10:39.0679 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/28 15:10:39.0714 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/28 15:10:39.0738 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/28 15:10:39.0773 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/28 15:10:39.0813 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/28 15:10:39.0847 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/28 15:10:39.0882 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/28 15:10:39.0935 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/28 15:10:39.0974 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/28 15:10:40.0000 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/28 15:10:40.0035 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/28 15:10:40.0065 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/28 15:10:40.0088 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/28 15:10:40.0121 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/28 15:10:40.0168 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/28 15:10:40.0196 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/28 15:10:40.0297 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/28 15:10:40.0331 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/28 15:10:40.0367 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/28 15:10:40.0427 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/28 15:10:40.0498 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/28 15:10:40.0536 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/28 15:10:40.0564 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/28 15:10:40.0594 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/28 15:10:40.0643 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/28 15:10:40.0692 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/28 15:10:40.0717 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/28 15:10:40.0756 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/28 15:10:40.0799 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/28 15:10:40.0826 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/28 15:10:40.0857 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/28 15:10:40.0895 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/28 15:10:40.0935 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/28 15:10:40.0972 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/28 15:10:41.0114 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2010/12/28 15:10:41.0198 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/28 15:10:41.0234 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/28 15:10:41.0289 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/28 15:10:41.0349 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/28 15:10:41.0388 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/28 15:10:41.0426 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/28 15:10:41.0452 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/28 15:10:41.0479 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/28 15:10:41.0517 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/28 15:10:41.0568 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/28 15:10:41.0596 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/28 15:10:41.0642 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/28 15:10:41.0666 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/28 15:10:41.0693 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/28 15:10:41.0743 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/28 15:10:41.0775 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/28 15:10:41.0817 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/28 15:10:41.0851 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/28 15:10:41.0903 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/28 15:10:41.0996 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2010/12/28 15:10:42.0033 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/28 15:10:42.0062 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/28 15:10:42.0161 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/28 15:10:42.0212 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/28 15:10:42.0256 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/28 15:10:42.0301 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/28 15:10:42.0384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/28 15:10:42.0447 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/28 15:10:42.0484 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/28 15:10:42.0504 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/28 15:10:42.0578 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/28 15:10:42.0602 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/28 15:10:42.0618 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/28 15:10:42.0647 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/28 15:10:42.0693 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/28 15:10:42.0716 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/28 15:10:42.0743 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/28 15:10:42.0782 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/28 15:10:42.0833 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/28 15:10:42.0936 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/28 15:10:42.0983 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/28 15:10:43.0025 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/28 15:10:43.0084 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/28 15:10:43.0129 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2010/12/28 15:10:43.0187 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/28 15:10:43.0215 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/28 15:10:43.0243 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/28 15:10:43.0298 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
2010/12/28 15:10:43.0319 szkgfs (410a02a920fa9daeec56364e839597c1) C:\Windows\system32\drivers\szkgfs.sys
2010/12/28 15:10:43.0416 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/28 15:10:43.0482 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/28 15:10:43.0520 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/28 15:10:43.0559 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/28 15:10:43.0586 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/28 15:10:43.0610 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/28 15:10:43.0636 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/28 15:10:43.0716 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/28 15:10:43.0745 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/28 15:10:43.0766 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/28 15:10:43.0800 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/28 15:10:43.0852 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/28 15:10:43.0886 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/28 15:10:43.0916 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/28 15:10:43.0964 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/28 15:10:43.0987 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/28 15:10:44.0015 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/28 15:10:44.0048 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/28 15:10:44.0071 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/28 15:10:44.0098 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/28 15:10:44.0129 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/28 15:10:44.0194 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/28 15:10:44.0384 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/28 15:10:44.0423 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/28 15:10:44.0457 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/28 15:10:44.0484 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/28 15:10:44.0519 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/28 15:10:44.0550 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/28 15:10:44.0581 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/28 15:10:44.0608 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/28 15:10:44.0653 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/28 15:10:44.0674 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/28 15:10:44.0720 vmm (c01604eaea9c89035cff58cdb322476c) C:\Windows\system32\Drivers\vmm.sys
2010/12/28 15:10:44.0746 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/28 15:10:44.0780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/28 15:10:44.0814 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/28 15:10:44.0842 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/28 15:10:44.0954 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2010/12/28 15:10:44.0984 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/28 15:10:45.0033 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/28 15:10:45.0079 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/28 15:10:45.0098 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/28 15:10:45.0166 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/28 15:10:45.0212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/28 15:10:45.0298 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/28 15:10:45.0326 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/28 15:10:45.0440 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/28 15:10:45.0485 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/28 15:10:45.0558 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/28 15:10:45.0610 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/28 15:10:45.0643 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/28 15:10:45.0774 ================================================================================
2010/12/28 15:10:45.0774 Scan finished
2010/12/28 15:10:45.0774 ================================================================================
2010/12/28 15:10:55.0805 Deinitialize success


And here's the first one from last week sometime. This one removed a rootkit:
2010/12/20 15:10:53.0083 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 15:10:53.0084 ================================================================================
2010/12/20 15:10:53.0084 SystemInfo:
2010/12/20 15:10:53.0084
2010/12/20 15:10:53.0084 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/20 15:10:53.0084 Product type: Workstation
2010/12/20 15:10:53.0084 ComputerName: SPOONERHOME
2010/12/20 15:10:53.0086 UserName: Andrew and Terri
2010/12/20 15:10:53.0086 Windows directory: C:\Windows
2010/12/20 15:10:53.0086 System windows directory: C:\Windows
2010/12/20 15:10:53.0086 Processor architecture: Intel x86
2010/12/20 15:10:53.0086 Number of processors: 2
2010/12/20 15:10:53.0086 Page size: 0x1000
2010/12/20 15:10:53.0086 Boot type: Normal boot
2010/12/20 15:10:53.0086 ================================================================================
2010/12/20 15:10:53.0376 Initialize success
2010/12/20 15:11:01.0230 ================================================================================
2010/12/20 15:11:01.0230 Scan started
2010/12/20 15:11:01.0231 Mode: Manual;
2010/12/20 15:11:01.0231 ================================================================================
2010/12/20 15:11:01.0993 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/20 15:11:02.0033 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/20 15:11:02.0065 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/20 15:11:02.0100 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/20 15:11:02.0136 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/20 15:11:02.0165 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/20 15:11:02.0225 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/20 15:11:02.0260 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/20 15:11:02.0294 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/20 15:11:02.0337 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/20 15:11:02.0375 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/20 15:11:02.0404 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/20 15:11:02.0432 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/20 15:11:02.0588 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/20 15:11:02.0747 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/20 15:11:02.0777 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/20 15:11:02.0813 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/20 15:11:02.0850 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/20 15:11:02.0880 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/20 15:11:02.0905 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/20 15:11:02.0959 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/20 15:11:02.0984 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/20 15:11:03.0048 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/20 15:11:03.0070 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/20 15:11:03.0156 AtiHDAudioService (35207458c90f55c61247de139a6a243a) C:\Windows\system32\drivers\AtihdW73.sys
2010/12/20 15:11:03.0269 ATITool (d4ed96ac2fafee2c697436b9a2871cd3) C:\Windows\system32\DRIVERS\ATITool.sys
2010/12/20 15:11:03.0413 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/20 15:11:03.0444 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/20 15:11:03.0487 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/20 15:11:03.0536 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/20 15:11:03.0567 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/20 15:11:03.0593 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/20 15:11:03.0620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/20 15:11:03.0649 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/20 15:11:03.0672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/20 15:11:03.0704 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/20 15:11:03.0725 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/20 15:11:03.0757 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/20 15:11:03.0796 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/20 15:11:03.0840 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/20 15:11:03.0878 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/20 15:11:03.0922 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/20 15:11:03.0975 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/20 15:11:04.0003 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/20 15:11:04.0039 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/20 15:11:04.0069 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/20 15:11:04.0097 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/20 15:11:04.0131 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/20 15:11:04.0184 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/20 15:11:04.0249 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/20 15:11:04.0287 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/20 15:11:04.0322 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/20 15:11:04.0386 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/20 15:11:04.0433 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/20 15:11:04.0477 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2010/12/20 15:11:04.0544 Eacfilt (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys
2010/12/20 15:11:04.0636 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/20 15:11:04.0753 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/20 15:11:04.0790 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/20 15:11:04.0821 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/20 15:11:04.0872 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/20 15:11:04.0905 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/20 15:11:04.0946 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/20 15:11:04.0992 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/20 15:11:05.0016 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/20 15:11:05.0051 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/20 15:11:05.0082 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/20 15:11:05.0120 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/20 15:11:05.0178 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/12/20 15:11:05.0222 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/20 15:11:05.0257 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/20 15:11:05.0302 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/20 15:11:05.0340 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/20 15:11:05.0380 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/20 15:11:05.0405 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/20 15:11:05.0436 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/20 15:11:05.0454 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/20 15:11:05.0487 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/20 15:11:05.0528 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/20 15:11:05.0599 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/20 15:11:05.0655 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/20 15:11:05.0686 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/20 15:11:05.0705 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/20 15:11:05.0751 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/20 15:11:05.0890 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/20 15:11:06.0005 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/20 15:11:06.0052 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/20 15:11:06.0073 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/20 15:11:06.0112 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/20 15:11:06.0140 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/20 15:11:06.0167 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/20 15:11:06.0236 IPSECEXT (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
2010/12/20 15:11:06.0260 IPSECSHM (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
2010/12/20 15:11:06.0284 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/20 15:11:06.0309 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/20 15:11:06.0342 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/20 15:11:06.0378 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/20 15:11:06.0405 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/20 15:11:06.0436 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/20 15:11:06.0472 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/20 15:11:06.0535 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/20 15:11:06.0590 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/20 15:11:06.0616 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/20 15:11:06.0650 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/20 15:11:06.0671 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/20 15:11:06.0709 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/20 15:11:06.0750 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/20 15:11:06.0783 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/20 15:11:06.0829 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/20 15:11:06.0852 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/20 15:11:06.0880 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/20 15:11:06.0907 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/20 15:11:06.0933 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/20 15:11:06.0984 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/20 15:11:07.0012 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/20 15:11:07.0044 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/20 15:11:07.0069 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/20 15:11:07.0108 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/20 15:11:07.0146 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/20 15:11:07.0173 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/20 15:11:07.0205 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/20 15:11:07.0239 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/20 15:11:07.0268 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/20 15:11:07.0324 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/20 15:11:07.0351 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/20 15:11:07.0372 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/20 15:11:07.0423 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/20 15:11:07.0459 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/20 15:11:07.0479 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/20 15:11:07.0515 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/20 15:11:07.0544 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/20 15:11:07.0590 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/20 15:11:07.0620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/20 15:11:07.0643 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/20 15:11:07.0686 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/20 15:11:07.0726 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/20 15:11:07.0751 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/20 15:11:07.0777 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/20 15:11:07.0801 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/20 15:11:07.0832 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/20 15:11:07.0857 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/20 15:11:07.0895 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/20 15:11:07.0923 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/20 15:11:08.0015 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/20 15:11:08.0049 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/20 15:11:08.0086 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/20 15:11:08.0146 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/20 15:11:08.0216 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/20 15:11:08.0253 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/20 15:11:08.0274 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/20 15:11:08.0308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/20 15:11:08.0338 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/20 15:11:08.0394 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/20 15:11:08.0586 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/20 15:11:08.0634 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/20 15:11:08.0676 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/20 15:11:08.0718 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/20 15:11:08.0738 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/20 15:11:08.0794 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/20 15:11:08.0837 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/20 15:11:08.0866 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/20 15:11:09.0004 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2010/12/20 15:11:09.0059 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/20 15:11:09.0079 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/20 15:11:09.0133 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/20 15:11:09.0190 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/20 15:11:09.0238 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/20 15:11:09.0278 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/20 15:11:09.0305 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/20 15:11:09.0340 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/20 15:11:09.0369 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/20 15:11:09.0412 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/20 15:11:09.0440 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/20 15:11:09.0469 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/20 15:11:09.0491 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/20 15:11:09.0522 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/20 15:11:09.0570 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/20 15:11:09.0594 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/20 15:11:09.0636 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/20 15:11:09.0669 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/20 15:11:09.0704 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/20 15:11:09.0799 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2010/12/20 15:11:09.0844 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/20 15:11:09.0875 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/20 15:11:09.0985 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/20 15:11:10.0018 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/20 15:11:10.0053 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/20 15:11:10.0103 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/20 15:11:10.0161 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/20 15:11:10.0217 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/20 15:11:10.0237 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/20 15:11:10.0261 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/20 15:11:10.0350 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/20 15:11:10.0405 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/20 15:11:10.0454 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/20 15:11:10.0472 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/20 15:11:10.0515 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/20 15:11:10.0550 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/20 15:11:10.0577 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/20 15:11:10.0604 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/20 15:11:10.0653 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/20 15:11:10.0771 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/20 15:11:10.0827 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/20 15:11:10.0885 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/20 15:11:10.0926 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/20 15:11:10.0981 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2010/12/20 15:11:11.0026 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/20 15:11:11.0058 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/20 15:11:11.0087 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/20 15:11:11.0201 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/20 15:11:11.0259 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/20 15:11:11.0297 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/20 15:11:11.0331 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/20 15:11:11.0351 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/20 15:11:11.0388 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/20 15:11:11.0410 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/20 15:11:11.0485 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/20 15:11:11.0513 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/20 15:11:11.0534 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/20 15:11:11.0569 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/20 15:11:11.0615 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/20 15:11:11.0646 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/20 15:11:11.0679 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/20 15:11:11.0725 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/20 15:11:11.0746 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/20 15:11:11.0776 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/20 15:11:11.0809 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/20 15:11:11.0836 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/20 15:11:11.0863 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/20 15:11:11.0901 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/20 15:11:11.0937 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/20 15:11:12.0012 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/20 15:11:12.0033 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/20 15:11:12.0072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/20 15:11:12.0103 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/20 15:11:12.0130 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/20 15:11:12.0165 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/20 15:11:12.0192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/20 15:11:12.0221 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/20 15:11:12.0254 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/20 15:11:12.0276 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/20 15:11:12.0339 vmm (c01604eaea9c89035cff58cdb322476c) C:\Windows\system32\Drivers\vmm.sys
2010/12/20 15:11:12.0374 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/20 15:11:12.0407 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/20 15:11:12.0441 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/20 15:11:12.0471 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/20 15:11:12.0617 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2010/12/20 15:11:12.0661 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/20 15:11:12.0708 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/20 15:11:12.0740 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 15:11:12.0759 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 15:11:12.0837 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/20 15:11:12.0873 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/20 15:11:12.0967 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/20 15:11:12.0987 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/20 15:11:13.0108 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/20 15:11:13.0154 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/20 15:11:13.0227 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/20 15:11:13.0281 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/20 15:11:13.0312 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/20 15:11:13.0387 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/20 15:11:13.0417 ================================================================================
2010/12/20 15:11:13.0417 Scan finished
2010/12/20 15:11:13.0417 ================================================================================
2010/12/20 15:11:13.0435 Detected object count: 1
2010/12/20 15:11:25.0805 \HardDisk0 - will be cured after reboot
2010/12/20 15:11:25.0806 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/20 15:11:34.0973 Deinitialize success


NOTE: In case you scrolled all the way to the bottom, note that I posted two TDSK logs. First, one from today, second, one from 12/20...

I have never run ComboFix..

Edited by dappy, 28 December 2010 - 02:22 PM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that should have cleared the redirects, you say that only IE redirects now ?

Could you run the Hostxpert now please and let me know if you are able to reset the host file

Then if you could run combofix as I would like to look for hidden drivers

OTL will kill explorer as part of the run required it to kill all processes :D
  • 0

#10
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Firefox eventually redirects also.

Where do I get Hostxpert?

(It looks like I have no hosts file right now. Not sure how that's possible...)

Thanks.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hostexpert link and destructions :D

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then download and run Combofix

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#12
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks, ComboFix is running now. I realized you had already posted the hostsxpert instructions :D
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did it manage to change the host file for you ?
  • 0

#14
dappy

dappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes. hosts file is normal now. Combofix log:

ComboFix 10-12-26.01 - Andrew and Terri 12/28/2010 15:44:02.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1944 [GMT -5:00]
Running from: c:\users\Andrew and Terri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andrew and Terri\AppData\Roaming\EurekaLog
c:\users\Andrew and Terri\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 20:51 . 2010-12-28 20:52 -------- d-----w- c:\users\Andrew and Terri\AppData\Local\temp
2010-12-28 20:51 . 2010-12-28 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 20:51 . 2010-12-28 20:51 -------- d-----w- c:\users\Boyz\AppData\Local\temp
2010-12-28 00:40 . 2010-12-28 00:40 -------- d-----w- C:\_OTL
2010-12-24 01:56 . 2010-12-28 20:19 -------- d-----w- c:\programdata\STOPzilla!
2010-12-24 01:56 . 2010-12-24 01:56 -------- d-----w- c:\program files\STOPzilla!
2010-12-24 01:56 . 2010-12-24 01:56 -------- d-----w- c:\program files\Common Files\iS3
2010-12-23 16:40 . 2010-12-23 16:40 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-12-23 16:40 . 2010-12-23 16:40 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-12-23 16:40 . 2010-12-23 16:40 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-12-23 16:40 . 2010-12-23 16:40 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-12-23 16:40 . 2010-12-23 16:40 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-12-23 16:40 . 2010-12-23 16:40 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-12-23 16:40 . 2010-12-23 16:40 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-12-23 16:40 . 2010-12-23 16:40 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-12-23 16:40 . 2010-12-23 16:40 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-12-23 16:40 . 2010-12-23 16:40 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-12-23 16:40 . 2010-12-23 16:40 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-12-23 16:40 . 2010-12-23 16:40 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-12-22 12:24 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-22 12:24 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-22 12:24 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-22 12:24 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-22 12:24 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-22 12:24 . 2010-12-22 12:24 -------- d-----w- c:\program files\EASEUS
2010-12-20 19:47 . 2010-12-20 19:47 -------- d-----w- C:\_OTM
2010-12-20 02:52 . 2010-12-20 02:52 -------- d-----w- c:\users\Andrew and Terri\AppData\Roaming\SUPERAntiSpyware.com
2010-12-20 02:52 . 2010-12-20 02:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-20 02:52 . 2010-12-20 02:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-20 02:37 . 2010-12-20 02:37 -------- d-----w- c:\users\Andrew and Terri\AppData\Roaming\Malwarebytes
2010-12-20 02:37 . 2010-12-20 02:37 -------- d-----w- c:\programdata\Malwarebytes
2010-12-20 02:37 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 02:36 . 2010-12-20 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 02:36 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 17:25 . 2010-12-18 20:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-18 17:25 . 2010-12-18 17:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-18 12:55 . 2010-12-18 12:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-12-18 12:51 . 2010-12-19 15:05 -------- d--h--w- c:\program files\Common Files\Services Shared
2010-12-18 12:50 . 2010-12-18 12:50 126464 --sha-r- c:\windows\system32\msiltcfg1.dll
2010-12-17 11:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12499000-358E-4618-9373-CD28106D63DD}\mpengine.dll
2010-12-15 20:29 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 20:27 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 20:27 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 20:27 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 20:26 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 20:24 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-05 19:08 . 2010-12-05 19:30 -------- d-----w- c:\users\Andrew and Terri\AppData\Roaming\Sony Corporation
2010-12-04 03:01 . 2010-12-04 03:02 -------- d-----w- c:\program files\Sony
2010-12-04 03:00 . 2010-12-04 03:00 -------- d-----w- c:\users\Andrew and Terri\AppData\Roaming\InstallShield
2010-12-02 22:59 . 2010-12-02 22:59 -------- d-----w- c:\program files\Zz
2010-12-02 11:37 . 2010-12-02 11:37 -------- d-----w- c:\users\Andrew and Terri\AppData\Roaming\Microsoft FxCop
2010-11-28 21:33 . 2010-11-28 21:33 -------- d-----w- c:\users\Boyz\AppData\Roaming\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 23:00 . 2010-11-10 00:58 2482912 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-11-10 04:33 . 2010-06-04 01:57 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-31 14:11 . 2010-10-31 14:11 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-31 14:11 . 2010-10-31 14:11 47360 ----a-w- c:\users\Andrew and Terri\AppData\Roaming\pcouffin.sys
2010-10-24 01:57 . 2010-10-24 01:57 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-10-24 01:56 . 2010-10-24 01:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-10-24 01:56 . 2010-10-24 01:56 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-21 02:33 . 2010-10-21 02:20 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2010-10-19 20:51 . 2010-06-03 01:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 23:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2010-11-16 43424]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Users^Andrew and Terri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Andrew and Terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-04-09 148232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 NvcRpcServer;Nortel CVC Service;c:\program files\Xerox External Access Network\NvcRpcSvr.exe [2007-04-09 71176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-04-09 31784]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
FF - ProfilePath - c:\users\Andrew and Terri\AppData\Roaming\Mozilla\Firefox\Profiles\a8l23hup.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Silvermel and Charamel XT: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Silvermel: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Scooby-Doo™, Phantom of the Knight™ - c:\program files\The Learning Company\Scooby-Doo™


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-28 15:55:45
ComboFix-quarantined-files.txt 2010-12-28 20:55

Pre-Run: 59,080,364,032 bytes free
Post-Run: 64,381,489,152 bytes free

- - End Of File - - 3DC775805AABFC158F07C4344D0A1C2A
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you connect via a router ? Do any other users have a redirect problem ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP