Blue screen of death !



#1
Casshern

  • Member
  • 12 posts

Hey all,

I did a ridiculously stupid thing and downloaded a file from Keygenguru thinking it was a serial number generator for Final Cut Pro 7. It came as a .rar and I unzipped it and for some stupid reason double clicked the application. It went to a blue screen immediately and restarted, and then whenever I try to get into Windows I get the same results. Safe mode seems to be okay but when I tried to delete the crack from my desktop it froze. I have found other tutorials on here that describe similar problems but they were from different files from the same site - Keygenguru. My computer is currently unusable (typing this on a friend's PC) and I have lots of coursework to be getting on with! If anyone would be so kind as to take me through the steps of fixing this I would be eternally grateful!

Regards

Casshern
#2
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts

Hi Casshern,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

Download OTL and transfer it to the Desktop of the ailing computer.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    drivers32
    /md5start
    winlogon.exe
    explorer.exe
    svchost.exe
    userinit.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    c:\windows\minidump\*.*
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP
    c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

#3
Casshern

  • Topic Starter
  • Member
  • 12 posts

Hey Salagubang, thanks for getting to me. I'd just like to add before we begin that I downloaded MalwareBytes from this site earlier and managed to delete 2 trojans and a rogue avsuite. Here's the Extras.Txt.

OTL Extras logfile created on: 23/02/2011 08:35:00 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Tom\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301.81 Gb Total Space | 16.30 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.76 Gb Total Space | 462.17 Gb Free Space | 99.23% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = CE EA A6 4E 3E 52 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-43350634-2738492963-1285493234-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


"TCP Query User{4B5DA4BE-67A1-444B-B5EA-5085CD71E686}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{5074E3B5-B253-4496-99E2-E86889253436}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"TCP Query User{585796BB-3881-4BDC-9CC8-B6F09718A60B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5AEDE138-61E2-46E4-890A-66B15555C98A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{61F753B4-9ACC-43C5-8E49-C11E932F6650}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{87AF12B7-F897-4A49-A499-868581F02ED1}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{884DD839-D1D6-4689-97C5-0FB05232E9AC}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{95F0E1E9-CF99-494B-91E3-E49C77D4AAE7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{993A8B6A-D7BD-4146-8EA6-CFF629FDB0AF}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A68686D9-45FA-4D68-952F-6AA0CD1D422A}C:\program files (x86)\black isle\bgii - soa\bgmain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black isle\bgii - soa\bgmain.exe |
"TCP Query User{B4441DBF-2177-48E1-A992-403AAE01D658}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{BB9F36B6-8AAD-4297-9C7B-7056FF2DE31A}C:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe |
"TCP Query User{BDCC0717-7AA2-406F-8255-D089923738BC}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{C61B392D-1DDC-4767-B103-63C47353ACA9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{D35D2DF5-336E-4607-AF05-E97FEBD6BF69}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{E0C1AB0E-EC27-4989-8EA2-E062CA0B03A3}C:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe |
"TCP Query User{F078854E-E482-4A35-9DC3-62D7D424F5A6}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"TCP Query User{FBAC9A5A-DB61-4B73-97EA-537663937409}C:\users\tom\appdata\local\temp\blizzard launcher temporary - 2b277810\launcher.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard launcher temporary - 2b277810\launcher.exe |
"TCP Query User{FF00195F-5D55-47E9-BD46-20512C7C0C05}C:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"UDP Query User{06D77335-D117-4C62-8EF1-3BD528D2D0DA}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{1A618215-7025-48AA-9ADA-FE5B324DB090}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{1E29B20B-2516-4FD1-A5F8-9C9B4584F40D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"UDP Query User{3641CADE-8ACC-413F-90AC-35983106F5C9}C:\users\tom\documents\van buren\f3.exe" = protocol=17 | dir=in | app=c:\users\tom\documents\van buren\f3.exe |
"UDP Query User{418941E7-416E-481A-8CF2-11EE73F84027}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{45B19ECD-B6FE-40C5-8CAC-75061BB0A8D7}C:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe |
"UDP Query User{46C241A1-DAAE-4C94-AE95-C968074ECFA4}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{4840F2A9-7AD7-4925-9FDB-0AA08A737FE8}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"UDP Query User{4C6E441E-4701-423C-A3FC-45BC5D3BD071}C:\users\tom\appdata\local\temp\blizzard launcher temporary - 2b277810\launcher.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard launcher temporary - 2b277810\launcher.exe |
"UDP Query User{4F43CB2C-AE9D-4EBF-8C87-55574A391AC8}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{50D3AB5F-B4C9-4CBE-85BF-C95F227F2495}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{533A079B-254E-4DF6-8311-DD3ED5A9BAE9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{58A77C3D-2647-4E6C-A1F9-31638C16F7F5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{676FD967-2034-4A7C-BF76-34D56941E072}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{70C84FD1-AA76-41B7-839F-336B4589C30B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{799219BF-7A03-4AA1-8C64-C6F46F5A0C7F}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{8173F95E-097A-4903-B2DA-467026C63674}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{889DD90D-A426-4DC6-A248-02CBF1D301AB}C:\program files (x86)\black isle\bgii - soa\bgmain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black isle\bgii - soa\bgmain.exe |
"UDP Query User{97C3F168-23F1-4DE2-A313-410E50CBA68E}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{9CDE33E4-9F4C-40D1-ABD9-817F8B228194}C:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\neverwinternights\nwn\nwmain.exe |
"UDP Query User{A24054B0-034F-4CFE-B707-3EFBBBB089C9}C:\program files (x86)\postal2stp\system\postal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\postal2stp\system\postal2.exe |
"UDP Query User{AD6DCCBE-6FCD-47D3-8D52-22A11151FD82}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AF5B5464-1334-4C0B-9538-6F498DA030D0}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"UDP Query User{B0F8F35D-957A-4CAC-8CDD-9806D4951AF0}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{BD106C48-92BC-46D1-A593-6D263D9BF500}C:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\casshern999\team fortress 2\hl2.exe |
"UDP Query User{DE28E1E7-CD5E-48FB-A2E7-7BEB8DC85CB3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E5FA9FAB-7BB3-40B4-BB2C-59D4072AC223}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{E663E7DA-2DC2-4CA0-A6D0-0293654FC292}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{E848DBAC-5397-41D7-9CBA-17CCC150321F}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{F926FD4A-E7CC-40EF-B666-3AE52224B93A}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AVG8Uninstall" = AVG Free 8.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"BTHomeHub" = BTHomeHub
"CDisplay_is1" = CDisplay 1.8
"Celtx (2.7)" = Celtx (2.7)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Download Manager" = Download Manager 2.3.10
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"ReaJPEG Pro_is1" = ReaJPEG Pro 4.0
"Steam App 10680" = Aliens vs. Predator
"Steam App 22380" = Fallout: New Vegas
"Steam App 24980" = Mass Effect 2
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 0.9.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpertVision_is1" = XpertVision 6.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Evidently the computer still can't boot up in normal mode and just gives me a BSOD, and it sometimes randomly happens in safe mode also, and then straight after when I boot it up again in safe mode, but then the 3rd time it works again for a while till I get another blue screen. Here's the OTL.Txt:

OTL logfile created on: 23/02/2011 08:35:00 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Tom\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301.81 Gb Total Space | 16.30 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.76 Gb Total Space | 462.17 Gb Free Space | 99.23% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 08:27:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 08:27:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/21 02:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 02:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/16 23:11:47 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/11 16:50:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 09:22:10 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 09:21:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/24 14:07:02 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/18 09:22:17 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/18 09:22:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/05/23 18:32:47 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/05/23 18:32:47 | 000,043,168 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 18:21:12 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/04/27 01:55:54 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/01/21 02:48:54 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 02:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/06/19 07:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007/06/19 07:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV:64bit: - [2007/06/19 07:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/19 07:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816obex.sys -- (s816obex)
DRV:64bit: - [2007/06/19 07:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV:64bit: - [2007/06/19 07:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007/06/19 07:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV:64bit: - [2007/03/24 11:20:18 | 000,069,120 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 21:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/02/07 19:53:22 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2007/03/16 09:11:20 | 000,015,648 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 04:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/10 15:22:32 | 000,000,000 | ---D | M]

[2010/11/10 23:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2010/11/10 23:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/02/21 01:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0rtjwn3m.default\extensions
[2010/09/06 01:21:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0rtjwn3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 01:21:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0rtjwn3m.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/06 01:21:44 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0rtjwn3m.default\extensions\[email protected]
[2011/02/21 01:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/05 22:00:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 02:04:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 22:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/10 23:46:35 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/07 23:27:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/07 23:27:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/07 23:27:36 | 000,000,759 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/07 23:27:36 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tom\Pictures\MCUNDER.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tom\Pictures\MCUNDER.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 09:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 17:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1643ea8a-dccb-11dd-add2-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{1643ea8a-dccb-11dd-add2-001fc6a5a37c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1643ea8b-dccb-11dd-add2-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{1643ea8b-dccb-11dd-add2-001fc6a5a37c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{31371748-a167-11dd-a466-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31371748-a167-11dd-a466-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{31371776-a167-11dd-a466-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{31371776-a167-11dd-a466-001fc6a5a37c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{31371787-a167-11dd-a466-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{31371787-a167-11dd-a466-001fc6a5a37c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40e20121-a11c-11dd-9b97-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{40e20121-a11c-11dd-9b97-001fc6a5a37c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67660e6b-a438-11dd-8466-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67660e6b-a438-11dd-8466-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{67660e9a-a438-11dd-8466-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{67660e9a-a438-11dd-8466-001fc6a5a37c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/11/15 09:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{67660eab-a438-11dd-8466-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{67660eab-a438-11dd-8466-001fc6a5a37c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/11/15 09:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{67660ead-a438-11dd-8466-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{67660ead-a438-11dd-8466-001fc6a5a37c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6a69ecc0-a157-11dd-8cdc-001fc6a5a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{6a69ecc0-a157-11dd-8cdc-001fc6a5a37c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74b96348-a11e-11dd-9131-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74b96348-a11e-11dd-9131-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{defa9f29-a467-11dd-9d05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{defa9f29-a467-11dd-9d05-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/11/15 09:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 08:33:57 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2011/02/23 01:44:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2011/02/23 01:44:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/23 01:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/23 01:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/23 01:43:58 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/23 01:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/21 15:19:03 | 000,000,000 | R--D | C] -- C:\Users\Tom\Desktop\Comics
[2011/02/11 19:24:00 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2011/02/11 19:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/02/11 19:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011/02/11 19:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2011/02/11 19:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2011/02/06 13:57:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\EA Games
[2011/02/06 13:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011/02/06 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\EA Games
[2011/01/27 01:01:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\LaunchpadEnhanced
[2011/01/27 00:58:50 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\LPECommon
[2011/01/27 00:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchpad Enhanced
[2011/01/25 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\RIFT
[2011/01/24 14:08:10 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011/01/24 14:07:02 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/23 08:31:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/23 08:30:34 | 400,814,774 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/23 08:27:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2011/02/23 08:25:11 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 01:44:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 19:32:00 | 000,001,356 | ---- | M] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2011/02/22 15:15:48 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 18:08:28 | 534,290,732 | ---- | M] () -- C:\Users\Tom\Desktop\RegistryDefaults.reg
[2011/02/21 16:23:57 | 006,218,073 | ---- | M] () -- C:\Users\Tom\Desktop\Exploring Final Cut Pro 7 (en).pdf
[2011/02/21 15:46:52 | 000,091,136 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 09:01:56 | 071,441,086 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/02/15 19:58:19 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/15 19:58:19 | 000,611,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/15 19:58:19 | 000,109,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/11 19:23:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2011/02/11 19:23:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/02/10 19:40:19 | 000,383,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/10 15:22:33 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/01/24 18:38:56 | 000,010,302 | ---- | M] () -- C:\Users\Tom\Documents\covering letter altrtincham.docx
[2011/01/24 14:08:10 | 000,001,040 | ---- | M] () -- C:\Users\Tom\Desktop\Update Service.lnk
[2011/01/24 14:07:02 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/23 01:44:01 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 18:29:08 | 400,814,774 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/21 18:08:09 | 534,290,732 | ---- | C] () -- C:\Users\Tom\Desktop\RegistryDefaults.reg
[2011/02/21 16:23:56 | 006,218,073 | ---- | C] () -- C:\Users\Tom\Desktop\Exploring Final Cut Pro 7 (en).pdf
[2011/02/11 19:23:48 | 000,001,153 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2011/02/11 19:23:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2011/02/11 19:23:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/02/11 19:22:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/02/11 19:18:09 | 000,414,796 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistMSI737F.txt
[2011/02/11 19:18:08 | 000,011,452 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistUI737F.txt
[2011/02/10 15:22:33 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/01/24 18:38:56 | 000,010,302 | ---- | C] () -- C:\Users\Tom\Documents\covering letter altrtincham.docx
[2011/01/24 14:08:10 | 000,001,040 | ---- | C] () -- C:\Users\Tom\Desktop\Update Service.lnk
[2010/10/26 15:18:17 | 000,363,748 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistMSI458C.txt
[2010/10/26 15:18:16 | 000,011,166 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistUI458C.txt
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/18 22:36:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/09/13 13:24:05 | 000,712,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/30 10:58:01 | 000,438,300 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistMSI5057.txt
[2009/10/30 10:58:00 | 000,011,390 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_vcredistUI5057.txt
[2009/10/21 10:27:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 10:26:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 01:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/06 19:43:28 | 001,065,472 | -HS- | C] () -- C:\Users\Tom\AppData\Local\ehthumbs_vista.db
[2008/11/16 15:38:00 | 000,008,866 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/10/31 16:51:31 | 000,028,097 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/10/31 16:51:25 | 000,001,766 | ---- | C] () -- C:\Users\Tom\AppData\Local\uxeventlog.txt
[2008/10/31 16:51:25 | 000,000,604 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_dotnetfx3error.txt
[2008/10/31 16:51:24 | 000,031,990 | ---- | C] () -- C:\Users\Tom\AppData\Local\dd_dotnetfx3install.txt
[2008/10/13 15:25:55 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/10/13 14:59:54 | 000,001,356 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2008/10/12 02:11:23 | 000,014,066 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/10/12 02:11:04 | 000,013,742 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/10/12 02:06:51 | 000,000,732 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps64.dat
[2008/10/11 23:42:09 | 000,091,136 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 19:41:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008/10/11 19:41:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008/10/11 19:33:22 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/10/11 19:33:22 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/01/21 02:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/10/11 11:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/12/18 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft
[2011/02/23 06:50:42 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Azureus
[2008/10/23 16:24:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bytemobile
[2009/12/08 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/04 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\com.lego.atlantis.map.378F106BB385931F5AB093715910D3DE0DE5652E.1
[2009/08/21 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GetRightToGo
[2010/11/10 23:46:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Greyfirst
[2009/02/03 15:52:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\HCM Updater
[2009/08/21 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech
[2011/01/27 00:58:50 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LPECommon
[2010/11/08 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LuckaSoft
[2010/10/13 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ReaSoft
[2011/01/26 00:01:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\RIFT
[2011/02/20 21:13:33 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 06:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 02:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 06:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

< %systemroot%\*. /mp /s >

< c:\windows\minidump\*.* >
[2011/02/21 18:30:07 | 000,271,040 | ---- | M] () -- c:\Windows\Minidump\Mini022111-01.dmp
[2011/02/21 18:32:51 | 000,288,000 | ---- | M] () -- c:\Windows\Minidump\Mini022111-02.dmp
[2011/02/22 15:15:03 | 000,284,488 | ---- | M] () -- c:\Windows\Minidump\Mini022211-01.dmp
[2011/02/22 16:37:45 | 000,289,504 | ---- | M] () -- c:\Windows\Minidump\Mini022211-02.dmp
[2011/02/23 01:10:05 | 000,266,912 | ---- | M] () -- c:\Windows\Minidump\Mini022311-01.dmp
[2011/02/23 01:13:13 | 000,271,040 | ---- | M] () -- c:\Windows\Minidump\Mini022311-02.dmp
[2011/02/23 06:56:01 | 000,271,040 | ---- | M] () -- c:\Windows\Minidump\Mini022311-03.dmp
[2011/02/23 06:59:12 | 000,271,040 | ---- | M] () -- c:\Windows\Minidump\Mini022311-04.dmp
[2011/02/23 08:28:18 | 000,290,120 | ---- | M] () -- c:\Windows\Minidump\Mini022311-05.dmp
[2011/02/23 08:31:19 | 000,271,040 | ---- | M] () -- c:\Windows\Minidump\Mini022311-06.dmp

< %systemroot%\System32\config\*.sav >

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >

< >

< End of report >
  • 0

#5
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Note: You can run CF in Safe Mode if you can't boot into normal mode.

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Next

Please zip and attach this file on your next reply.

c:\Windows\Minidump\Mini022311-06.dmp
  • 0

#6
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Hey, I downloaded ComboFix fine, but as soon as I double-clicked the application I got a blue screen error. What's next?
  • 0

#7
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Hey, I downloaded ComboFix fine, but as soon as I double-clicked the application I got a blue screen error. What's next?


OK, let's skip it for a while. Please upload the dump file I requested.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#8
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Sorry for the slow reply, it takes a few minutes to recover after the BSOD and get back into a stable safe mode. That's the dump zip, and I'll run that .exe now.

edit: sorry actually attached it now.

Attached Files


Edited by Casshern, 23 February 2011 - 03:16 AM.

  • 0

#9
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Straight away it found 2 faked/infected things.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5K
Logical Drives Mask: 0x0000005d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000008`62400000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive1 Model Number: ToshibaStorE HDD, Rev:

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 9EFCD394EE24712FDC2F26CC1AB52246A9C5A49A
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 622D31D9E665B9B0BE321CBE9E8F2692C878AFD0


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#10
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts

335 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 9EFCD394EE24712FDC2F26CC1AB52246A9C5A49A
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 622D31D9E665B9B0BE321CBE9E8F2692C878AFD0


Bah! Fakes! :D

Let's try some easy routes.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If a Malicious file is detected, the default action will be Cure. Click on Continue.
  • If a Suspicious file is detected, the default action will be Skip. Click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#11
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Okay, great news: TDSSKiller cured a file "Harddisk01" or something, and then after I rebooted I was able to get back into normal mode. So far it's a bit slow, but it's not kicked me to BSOD yet. Here's the TDSSKiller report.

2011/02/23 09:22:14.0586 1440 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/23 09:22:14.0867 1440 ================================================================================
2011/02/23 09:22:14.0867 1440 SystemInfo:
2011/02/23 09:22:14.0867 1440
2011/02/23 09:22:14.0867 1440 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/23 09:22:14.0867 1440 Product type: Workstation
2011/02/23 09:22:14.0867 1440 ComputerName: TOM-PC
2011/02/23 09:22:14.0867 1440 UserName: Tom
2011/02/23 09:22:14.0867 1440 Windows directory: C:\Windows
2011/02/23 09:22:14.0867 1440 System windows directory: C:\Windows
2011/02/23 09:22:14.0867 1440 Running under WOW64
2011/02/23 09:22:14.0867 1440 Processor architecture: Intel x64
2011/02/23 09:22:14.0867 1440 Number of processors: 4
2011/02/23 09:22:14.0867 1440 Page size: 0x1000
2011/02/23 09:22:14.0867 1440 Boot type: Safe boot with network
2011/02/23 09:22:14.0867 1440 ================================================================================
2011/02/23 09:22:15.0444 1440 Initialize success
2011/02/23 09:22:20.0124 1368 ================================================================================
2011/02/23 09:22:20.0124 1368 Scan started
2011/02/23 09:22:20.0124 1368 Mode: Manual;
2011/02/23 09:22:20.0124 1368 ================================================================================
2011/02/23 09:22:28.0314 1368 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/02/23 09:22:28.0345 1368 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/02/23 09:22:28.0377 1368 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/02/23 09:22:28.0470 1368 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/23 09:22:28.0517 1368 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/02/23 09:22:28.0564 1368 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/02/23 09:22:28.0673 1368 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/02/23 09:22:28.0735 1368 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/02/23 09:22:28.0767 1368 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/02/23 09:22:28.0813 1368 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/02/23 09:22:28.0938 1368 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/23 09:22:28.0985 1368 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/02/23 09:22:29.0063 1368 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/23 09:22:29.0110 1368 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/02/23 09:22:29.0188 1368 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/02/23 09:22:29.0235 1368 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/23 09:22:29.0250 1368 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/23 09:22:29.0313 1368 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/23 09:22:29.0359 1368 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/23 09:22:29.0422 1368 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/23 09:22:29.0453 1368 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/23 09:22:29.0531 1368 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/23 09:22:29.0609 1368 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/02/23 09:22:29.0718 1368 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/23 09:22:30.0046 1368 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/02/23 09:22:30.0124 1368 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/02/23 09:22:30.0171 1368 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/02/23 09:22:30.0186 1368 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2011/02/23 09:22:30.0249 1368 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/23 09:22:30.0342 1368 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/02/23 09:22:30.0373 1368 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/02/23 09:22:30.0420 1368 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/02/23 09:22:30.0451 1368 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/02/23 09:22:30.0514 1368 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/02/23 09:22:30.0561 1368 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/02/23 09:22:30.0623 1368 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/02/23 09:22:30.0670 1368 s816bus (81f778d9f3f71f48f498ca1f773d1539) C:\Windows\system32\DRIVERS\s816bus.sys
2011/02/23 09:22:30.0701 1368 s816mdfl (3f4e14192b72a148dd508329e04affd4) C:\Windows\system32\DRIVERS\s816mdfl.sys
2011/02/23 09:22:30.0748 1368 s816mdm (17a29b53dfd7e9cd8043b7adadb83f22) C:\Windows\system32\DRIVERS\s816mdm.sys
2011/02/23 09:22:30.0795 1368 s816mgmt (f9ba1c5df3854d36ea1f7086feb97643) C:\Windows\system32\DRIVERS\s816mgmt.sys
2011/02/23 09:22:30.0826 1368 s816nd5 (0323c1accd67844304d69e6bfd93e52d) C:\Windows\system32\DRIVERS\s816nd5.sys
2011/02/23 09:22:30.0888 1368 s816obex (f8e19bfb8a67407cd54c5fd63f7b3c17) C:\Windows\system32\DRIVERS\s816obex.sys
2011/02/23 09:22:30.0919 1368 s816unic (b8a998b3a7d6da10221d479e4dde5ef7) C:\Windows\system32\DRIVERS\s816unic.sys
2011/02/23 09:22:30.0966 1368 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/02/23 09:22:31.0060 1368 SCDEmu (240cd9582625bc49cc9fa6fcac883aa0) C:\Windows\system32\drivers\SCDEmu.sys
2011/02/23 09:22:31.0107 1368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/23 09:22:31.0185 1368 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/02/23 09:22:31.0231 1368 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/23 09:22:31.0263 1368 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/02/23 09:22:31.0294 1368 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/02/23 09:22:31.0341 1368 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/02/23 09:22:31.0387 1368 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/23 09:22:31.0419 1368 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/23 09:22:31.0450 1368 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/02/23 09:22:31.0497 1368 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/02/23 09:22:31.0559 1368 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/02/23 09:22:31.0621 1368 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/02/23 09:22:31.0684 1368 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/02/23 09:22:31.0731 1368 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/02/23 09:22:31.0777 1368 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/23 09:22:31.0809 1368 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/23 09:22:31.0887 1368 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
2011/02/23 09:22:31.0933 1368 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/23 09:22:31.0965 1368 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/02/23 09:22:31.0996 1368 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/02/23 09:22:32.0011 1368 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/02/23 09:22:32.0136 1368 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/02/23 09:22:32.0199 1368 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/23 09:22:32.0245 1368 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/23 09:22:32.0292 1368 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/02/23 09:22:32.0339 1368 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/02/23 09:22:32.0386 1368 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/23 09:22:32.0417 1368 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/23 09:22:32.0479 1368 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/23 09:22:32.0542 1368 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/23 09:22:32.0573 1368 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/23 09:22:32.0620 1368 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/02/23 09:22:32.0667 1368 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/23 09:22:32.0713 1368 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/23 09:22:32.0745 1368 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/02/23 09:22:32.0791 1368 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/02/23 09:22:32.0807 1368 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/02/23 09:22:32.0838 1368 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/23 09:22:32.0932 1368 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/23 09:22:32.0979 1368 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/02/23 09:22:33.0057 1368 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/23 09:22:33.0103 1368 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/23 09:22:33.0166 1368 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/02/23 09:22:33.0197 1368 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/23 09:22:33.0244 1368 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/23 09:22:33.0259 1368 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/23 09:22:33.0306 1368 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/23 09:22:33.0337 1368 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/23 09:22:33.0369 1368 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/02/23 09:22:33.0400 1368 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/02/23 09:22:33.0447 1368 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/02/23 09:22:33.0525 1368 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/02/23 09:22:33.0571 1368 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/02/23 09:22:33.0618 1368 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/02/23 09:22:33.0681 1368 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/02/23 09:22:33.0712 1368 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/23 09:22:33.0743 1368 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/23 09:22:33.0805 1368 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/02/23 09:22:33.0868 1368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/23 09:22:34.0071 1368 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/23 09:22:34.0133 1368 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/23 09:22:34.0180 1368 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/23 09:22:34.0258 1368 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/23 09:22:34.0320 1368 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/23 09:22:34.0336 1368 ================================================================================
2011/02/23 09:22:34.0336 1368 Scan finished
2011/02/23 09:22:34.0336 1368 ================================================================================
2011/02/23 09:22:34.0367 1984 Detected object count: 1
2011/02/23 09:22:39.0983 1984 \HardDisk0 - will be cured after reboot
2011/02/23 09:22:39.0983 1984 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/23 09:22:49.0203 1868 Deinitialize success
  • 0

#12
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Excellent. :D

Nasty stuff. Keep on firing so they won't have a chance to recover. :D

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#13
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
The 1st log file is here, will do the 2nd one right now. You're a LEGEND btw.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5848

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

23/02/2011 09:40:16
mbam-log-2011-02-23 (09-40-16).txt

Scan type: Quick scan
Objects scanned: 167651
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Casshern

    Member

  • Topic Starter
  • Member
  • 12 posts
Just a quick update, the 2nd scan is almost complete and hasn't found any infections thus far. Should be able to post it in the next 5 minutes.
  • 0

#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

What do you use the second drive for?
  • 0





