Windows 7 Repair and W32 Blaster Worm, Adware



#1
dc523680

  • Member
  • 44 posts
Hello,

Over the past few days I have dealt with two different virus infections. The first one was Windows 7 Repair and I think I removed it by using Rkill, Malwarebytes, and unhide.exe. I then received the W32 Blaster worm and followed the same steps. I think the virus is gone but there is a ton of adware that keeps reinstalling itself. Every time I run Malwarebytes or SUPERAntiSpyware it always finds infections and a ton of adware. I hit remove and restart and the infection is still there. The ads immediately pop up when I'm on the internet browsing for no longer than two minutes. As I was writing this, Windows essentials just blocked four virus installation attempts. I am running Windows 7 and I will post a log for you to review. I appreciate any help as this has been driving me crazy! Thank you.

OTL logfile created on: 7/8/2011 8:44:37 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Dan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.00% Memory free
5.86 Gb Paging File | 3.95 Gb Available in Paging File | 67.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 187.01 Gb Free Space | 65.50% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.04 Gb Free Space | 16.44% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 460.19 Mb Free Space | 47.53% Space Free | Partition Type: FAT

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/16 15:35:18 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/09/24 00:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/28 21:41:49 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/18 19:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/13 18:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/10 10:45:10 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/23 20:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/08/31 17:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 20:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/09/24 01:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...D-C640E4B342B6}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\My MPC\Rpplugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\My MPC\Rpplugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/02 23:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/16 14:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/19 09:50:28 | 000,000,000 | ---D | M]

[2010/07/15 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/07/15 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 21:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions
[2010/05/16 14:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/02 23:32:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Driver Fetch] File not found
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 20:31:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/08 18:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 21:43:46 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 19:31:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/07/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2011/07/06 22:54:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 22:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/06 22:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/06 21:33:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
[2011/06/19 09:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AOL
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/06/19 09:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/04/28 21:41:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/08 20:34:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 20:34:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 20:21:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 20:21:04 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 18:30:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/08 18:29:46 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/08 18:29:46 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/07 21:43:46 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 21:19:17 | 000,013,915 | ---- | M] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 20:20:30 | 001,008,041 | ---- | M] () -- C:\rkill.com
[2011/07/06 23:16:21 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/06 23:09:48 | 001,008,041 | ---- | M] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/06 22:54:23 | 000,000,522 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 21:39:14 | 000,000,392 | ---- | M] () -- C:\ProgramData\37674744
[2011/07/06 21:36:40 | 000,000,248 | ---- | M] () -- C:\ProgramData\~37674744
[2011/07/06 21:36:40 | 000,000,176 | ---- | M] () -- C:\ProgramData\~37674744r
[2011/07/05 20:50:41 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDan.job
[2011/07/03 02:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2011/07/02 10:27:08 | 000,000,000 | ---- | M] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:12 | 000,341,476 | ---- | M] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:22 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:11 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:56 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/20 23:21:45 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:28 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:44 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:37 | 000,000,360 | ---- | M] () -- C:\IPH.PH
[2011/06/19 09:50:31 | 000,001,935 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:31 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/06/10 20:19:32 | 000,000,755 | ---- | M] () -- C:\Users\Dan\Documents\CRAFT.htm
[2011/06/10 20:18:15 | 000,058,184 | ---- | M] () -- C:\Users\Dan\Documents\CRA and CRAFT.pdf
[2011/06/10 20:16:15 | 000,136,875 | ---- | M] () -- C:\Users\Dan\Documents\Cue Exposure.pdf
[2011/06/08 23:35:41 | 000,058,184 | ---- | M] () -- C:\Users\Dan\Documents\Betty Ford Source 3.pdf
[2011/06/08 23:19:30 | 000,012,172 | ---- | M] () -- C:\Users\Dan\Documents\pdfviewer.htm

========== Files Created - No Company Name ==========

[2011/07/08 18:30:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/08 18:29:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/07 21:19:17 | 000,013,915 | ---- | C] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 21:16:08 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/07/07 21:16:08 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Play HP Games.lnk
[2011/07/07 21:16:08 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/07 21:16:08 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/07/07 21:16:08 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/07 21:16:08 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/07 21:16:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/07 21:16:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 21:16:08 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/07 21:16:08 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/07/07 21:16:08 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011/07/07 21:16:08 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/07 21:16:08 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\My Player.lnk
[2011/07/07 21:16:00 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/07/07 21:16:00 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nvcrk.lnk
[2011/07/07 21:15:59 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/07/07 21:15:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/07 21:15:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/07 21:15:59 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/07/07 21:15:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 21:15:59 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/07/07 21:15:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/07 21:15:59 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/07/07 21:15:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/07 21:15:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/07/07 21:15:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/07/07 21:15:59 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/07 21:15:59 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/07 21:15:59 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/07/07 21:15:59 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/07/07 20:21:57 | 001,008,041 | ---- | C] () -- C:\rkill.com
[2011/07/07 19:31:42 | 000,000,522 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 23:17:56 | 001,008,041 | ---- | C] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/06 21:33:17 | 000,000,248 | ---- | C] () -- C:\ProgramData\~37674744
[2011/07/06 21:33:17 | 000,000,176 | ---- | C] () -- C:\ProgramData\~37674744r
[2011/07/06 21:33:12 | 000,000,392 | ---- | C] () -- C:\ProgramData\37674744
[2011/07/02 10:27:08 | 000,000,000 | ---- | C] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:09 | 000,341,476 | ---- | C] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:21 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:10 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:52 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/20 23:21:43 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:26 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:42 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:31 | 000,001,935 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:10 | 000,000,360 | ---- | C] () -- C:\IPH.PH
[2011/06/10 20:19:32 | 000,000,755 | ---- | C] () -- C:\Users\Dan\Documents\CRAFT.htm
[2011/06/10 20:18:13 | 000,058,184 | ---- | C] () -- C:\Users\Dan\Documents\CRA and CRAFT.pdf
[2011/06/10 20:16:12 | 000,136,875 | ---- | C] () -- C:\Users\Dan\Documents\Cue Exposure.pdf
[2011/06/08 23:35:40 | 000,058,184 | ---- | C] () -- C:\Users\Dan\Documents\Betty Ford Source 3.pdf
[2011/06/08 23:19:29 | 000,012,172 | ---- | C] () -- C:\Users\Dan\Documents\pdfviewer.htm
[2011/04/28 21:41:49 | 000,099,384 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\inst.exe
[2011/04/28 21:41:49 | 000,007,859 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.cat
[2011/04/28 21:41:49 | 000,001,167 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.inf
[2010/05/18 21:09:00 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/05/18 21:09:00 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/05/18 08:43:07 | 000,000,878 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2010/05/16 16:26:27 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\Unrar.dll
[2010/05/16 16:26:25 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/16 16:26:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/16 16:26:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/16 16:26:21 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\v2k2_dec.dll
[2010/05/16 02:40:14 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/05/16 02:40:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/01/26 23:29:12 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/26 23:29:12 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/13 18:51:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/13 18:51:30 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/13 18:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/13 18:51:30 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/06/19 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/05 15:52:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/28 21:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DeepBurner
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DriverCure
[2010/08/15 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\iWin
[2011/07/08 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2011/02/06 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Local
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ParetoLogic
[2010/08/13 23:57:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Research In Motion
[2010/05/18 08:43:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2011/03/01 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Titanium Gears
[2011/04/28 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vso
[2010/05/21 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangent
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangentv1001
[2011/07/03 02:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2011/05/10 21:31:30 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me remove what I can see first and see if that makes a difference.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
    [2011/07/06 21:33:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
    [2011/07/06 21:39:14 | 000,000,392 | ---- | M] () -- C:\ProgramData\37674744
    [2011/07/06 21:36:40 | 000,000,248 | ---- | M] () -- C:\ProgramData\~37674744
    [2011/07/06 21:36:40 | 000,000,176 | ---- | M] () -- C:\ProgramData\~37674744r
    [2011/07/06 21:33:17 | 000,000,248 | ---- | C] () -- C:\ProgramData\~37674744
    [2011/07/06 21:33:17 | 000,000,176 | ---- | C] () -- C:\ProgramData\~37674744r
    [2011/07/06 21:33:12 | 000,000,392 | ---- | C] () -- C:\ProgramData\37674744

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
dc523680

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,

Thanks for your reply. I followed all your instructions. Here is the new OTL:

OTL logfile created on: 7/10/2011 1:48:29 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Dan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.31% Memory free
5.86 Gb Paging File | 4.71 Gb Available in Paging File | 80.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 186.39 Gb Free Space | 65.28% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.06 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 460.19 Mb Free Space | 47.53% Space Free | Partition Type: FAT

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 00:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/28 21:41:49 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/18 19:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/13 18:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/10 10:45:10 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/23 20:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/08/31 17:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 20:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 20:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/09/24 01:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...D-C640E4B342B6}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\My MPC\Rpplugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\My MPC\Rpplugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/02 23:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/16 14:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/19 09:50:28 | 000,000,000 | ---D | M]

[2010/07/15 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/07/15 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 21:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\extensions
[2010/05/16 14:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/02 23:32:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

O1 HOSTS File: ([2011/07/10 01:41:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Driver Fetch] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 01:51:27 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/07/10 01:41:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/09 01:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/08 20:31:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/08 18:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 21:43:46 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 19:31:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/07/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2011/07/06 22:54:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 22:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/06 22:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/19 09:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AOL
[2011/06/19 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/06/19 09:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/06/19 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/06/19 09:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/04/28 21:41:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/10 01:51:27 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2011/07/10 01:46:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/10 01:46:29 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 01:41:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/10 00:24:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 00:24:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 23:43:37 | 000,741,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/09 23:43:37 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/09 23:43:37 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/09 01:57:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/08 20:31:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011/07/08 18:30:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/07 21:43:46 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Dan\Desktop\FixBlast.exe
[2011/07/07 21:19:17 | 000,013,915 | ---- | M] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 20:20:30 | 001,008,041 | ---- | M] () -- C:\rkill.com
[2011/07/06 23:09:48 | 001,008,041 | ---- | M] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/06 22:54:23 | 000,000,522 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 20:50:41 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDan.job
[2011/07/03 02:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2011/07/02 10:27:08 | 000,000,000 | ---- | M] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:12 | 000,341,476 | ---- | M] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:22 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:11 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:56 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/20 23:21:45 | 000,083,008 | ---- | M] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:28 | 000,072,483 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:44 | 000,097,145 | ---- | M] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:37 | 000,000,360 | ---- | M] () -- C:\IPH.PH
[2011/06/19 09:50:31 | 000,001,935 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:31 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/06/10 20:19:32 | 000,000,755 | ---- | M] () -- C:\Users\Dan\Documents\CRAFT.htm
[2011/06/10 20:18:15 | 000,058,184 | ---- | M] () -- C:\Users\Dan\Documents\CRA and CRAFT.pdf
[2011/06/10 20:16:15 | 000,136,875 | ---- | M] () -- C:\Users\Dan\Documents\Cue Exposure.pdf

========== Files Created - No Company Name ==========

[2011/07/09 01:57:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/08 18:30:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/08 18:29:46 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/08 18:29:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/07 21:19:17 | 000,013,915 | ---- | C] () -- C:\Users\Dan\Desktop\iexplore - Shortcut.lnk
[2011/07/07 21:16:08 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/07/07 21:16:08 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Play HP Games.lnk
[2011/07/07 21:16:08 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/07 21:16:08 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/07/07 21:16:08 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/07 21:16:08 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/07 21:16:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/07 21:16:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/07 21:16:08 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/07 21:16:08 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/07/07 21:16:08 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011/07/07 21:16:08 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/07 21:16:08 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\My Player.lnk
[2011/07/07 21:15:59 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/07/07 21:15:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/07 21:15:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/07 21:15:59 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/07/07 21:15:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 21:15:59 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/07/07 21:15:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/07 21:15:59 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/07/07 21:15:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/07 21:15:59 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/07/07 21:15:59 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/07/07 21:15:59 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/07 21:15:59 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/07 21:15:59 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/07/07 21:15:59 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/07/07 20:21:57 | 001,008,041 | ---- | C] () -- C:\rkill.com
[2011/07/07 19:31:42 | 000,000,522 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 23:17:56 | 001,008,041 | ---- | C] () -- C:\Users\Dan\Desktop\rkill.com
[2011/07/02 10:27:08 | 000,000,000 | ---- | C] () -- C:\Users\Dan\Documents\Default.rdp
[2011/06/29 16:03:09 | 000,341,476 | ---- | C] () -- C:\Users\Dan\Documents\Personality Disorders.pdf
[2011/06/28 11:16:21 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst today 5 3 255.pdf
[2011/06/28 11:15:10 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1 65.pdf
[2011/06/28 11:12:52 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 7 1.pdf
[2011/06/20 23:21:43 | 000,083,008 | ---- | C] () -- C:\Users\Dan\Documents\Behavior analyst today 5 3.pdf
[2011/06/20 23:20:26 | 000,072,483 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today 6 1.pdf
[2011/06/20 23:17:42 | 000,097,145 | ---- | C] () -- C:\Users\Dan\Documents\Behavior Analyst Today.pdf
[2011/06/19 09:50:31 | 000,001,935 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/19 09:50:10 | 000,000,360 | ---- | C] () -- C:\IPH.PH
[2011/06/10 20:19:32 | 000,000,755 | ---- | C] () -- C:\Users\Dan\Documents\CRAFT.htm
[2011/06/10 20:18:13 | 000,058,184 | ---- | C] () -- C:\Users\Dan\Documents\CRA and CRAFT.pdf
[2011/06/10 20:16:12 | 000,136,875 | ---- | C] () -- C:\Users\Dan\Documents\Cue Exposure.pdf
[2011/04/28 21:41:49 | 000,099,384 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\inst.exe
[2011/04/28 21:41:49 | 000,007,859 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.cat
[2011/04/28 21:41:49 | 000,001,167 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.inf
[2010/05/18 21:09:00 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/05/18 21:09:00 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/05/18 08:43:07 | 000,000,878 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2010/05/16 16:26:27 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\Unrar.dll
[2010/05/16 16:26:25 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/16 16:26:21 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/16 16:26:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/16 16:26:21 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\v2k2_dec.dll
[2010/05/16 02:40:14 | 000,231,448 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/05/16 02:40:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/01/26 23:29:12 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/26 23:29:12 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/13 18:51:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/13 18:51:30 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/13 18:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/13 18:51:30 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/06/19 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/06/05 15:52:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/28 21:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DeepBurner
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DriverCure
[2010/08/15 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\iWin
[2011/07/09 01:31:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2011/02/06 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Local
[2011/01/02 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ParetoLogic
[2010/08/13 23:57:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Research In Motion
[2010/05/18 08:43:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2011/03/01 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Titanium Gears
[2011/04/28 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vso
[2010/05/21 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangent
[2010/12/02 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangentv1001
[2011/07/03 02:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2011/05/10 21:31:30 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


And finally, here is the other log from the scan you instructed me to do.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-10 05:14:55
-----------------------------
05:14:55.416 OS Version: Windows x64 6.1.7600
05:14:55.416 Number of processors: 2 586 0x170A
05:14:55.416 ComputerName: DAN-PC UserName: Dan
05:14:57.397 Initialize success
05:15:05.119 AVAST engine defs: 11070901
05:15:35.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:15:35.610 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
05:15:37.653 Disk 0 MBR read successfully
05:15:37.653 Disk 0 MBR scan
05:15:37.653 Disk 0 unknown MBR code
05:15:37.653 Disk 0 MBR hidden
05:15:37.669 Service scanning
05:15:38.667 Disk 0 trace - called modules:
05:15:38.683 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033b1254]<<
05:15:38.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003398220]
05:15:38.699 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e221f0]
05:15:38.699 \Driver\atapi[0xfffffa8002ddb510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033b1254
05:15:39.837 AVAST engine scan C:\Windows
05:28:52.631 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
05:28:53.270 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
05:28:53.380 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
05:28:53.598 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
05:28:53.707 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
05:28:53.926 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
05:29:07.950 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
06:28:37.548 AVAST engine scan C:\Users\Dan
06:36:45.470 AVAST engine scan C:\ProgramData
06:49:35.394 Scan finished successfully
08:53:34.050 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
08:53:34.066 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"


I'm still having difficulty with pop-ups and with Internet Explorer redirecting my web pages to adware.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's clear that now. On completion of this run, can you let me know what problems remain?



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
dc523680

    Member

  • Topic Starter
  • 44 posts
I ran the scan and nothing was found. Here is the report that was generated:

2011/07/10 09:52:57.0122 4308 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 09:52:57.0465 4308 ================================================================================
2011/07/10 09:52:57.0465 4308 SystemInfo:
2011/07/10 09:52:57.0465 4308
2011/07/10 09:52:57.0465 4308 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/10 09:52:57.0465 4308 Product type: Workstation
2011/07/10 09:52:57.0465 4308 ComputerName: DAN-PC
2011/07/10 09:52:57.0465 4308 UserName: Dan
2011/07/10 09:52:57.0465 4308 Windows directory: C:\Windows
2011/07/10 09:52:57.0465 4308 System windows directory: C:\Windows
2011/07/10 09:52:57.0465 4308 Running under WOW64
2011/07/10 09:52:57.0481 4308 Processor architecture: Intel x64
2011/07/10 09:52:57.0481 4308 Number of processors: 2
2011/07/10 09:52:57.0481 4308 Page size: 0x1000
2011/07/10 09:52:57.0481 4308 Boot type: Normal boot
2011/07/10 09:52:57.0481 4308 ================================================================================
2011/07/10 09:52:58.0994 4308 Initialize success
2011/07/10 09:53:06.0654 2700 ================================================================================
2011/07/10 09:53:06.0654 2700 Scan started
2011/07/10 09:53:06.0654 2700 Mode: Manual;
2011/07/10 09:53:06.0654 2700 ================================================================================
2011/07/10 09:53:17.0449 2700 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/10 09:53:17.0496 2700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/10 09:53:17.0542 2700 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/10 09:53:17.0776 2700 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/07/10 09:53:18.0010 2700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/10 09:53:18.0057 2700 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/10 09:53:18.0135 2700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/10 09:53:18.0166 2700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/10 09:53:18.0244 2700 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/07/10 09:53:18.0291 2700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/10 09:53:18.0322 2700 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/10 09:53:18.0385 2700 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/10 09:53:18.0432 2700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/10 09:53:18.0494 2700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/10 09:53:18.0572 2700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/10 09:53:18.0634 2700 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/10 09:53:18.0697 2700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/10 09:53:18.0728 2700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/10 09:53:18.0775 2700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/10 09:53:18.0868 2700 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/07/10 09:53:18.0900 2700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/10 09:53:18.0946 2700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/10 09:53:19.0134 2700 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/10 09:53:19.0180 2700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/10 09:53:19.0274 2700 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/10 09:53:19.0352 2700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/10 09:53:19.0430 2700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/10 09:53:19.0477 2700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/10 09:53:19.0492 2700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/10 09:53:19.0570 2700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/10 09:53:19.0617 2700 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/10 09:53:19.0664 2700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/10 09:53:19.0695 2700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/10 09:53:19.0742 2700 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
2011/07/10 09:53:19.0789 2700 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/10 09:53:19.0836 2700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/10 09:53:19.0867 2700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/10 09:53:19.0929 2700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/10 09:53:19.0976 2700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/10 09:53:20.0007 2700 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/10 09:53:20.0070 2700 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/10 09:53:20.0148 2700 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/07/10 09:53:20.0194 2700 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/07/10 09:53:20.0257 2700 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/07/10 09:53:20.0335 2700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/10 09:53:20.0382 2700 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/10 09:53:20.0428 2700 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/10 09:53:20.0584 2700 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/10 09:53:20.0647 2700 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/07/10 09:53:20.0678 2700 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/10 09:53:20.0725 2700 ScanUSBEMPIA (eecbbf7d76300e5558d316983961ffc1) C:\Windows\system32\DRIVERS\emScan64.sys
2011/07/10 09:53:20.0787 2700 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/10 09:53:20.0850 2700 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/10 09:53:20.0912 2700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/10 09:53:20.0990 2700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/10 09:53:21.0021 2700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/10 09:53:21.0068 2700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/10 09:53:21.0162 2700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/10 09:53:21.0193 2700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/10 09:53:21.0224 2700 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/10 09:53:21.0255 2700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/10 09:53:21.0333 2700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/10 09:53:21.0364 2700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/10 09:53:21.0427 2700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/10 09:53:21.0567 2700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/10 09:53:21.0676 2700 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
2011/07/10 09:53:21.0723 2700 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
2011/07/10 09:53:21.0801 2700 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/10 09:53:21.0848 2700 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/10 09:53:21.0910 2700 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/07/10 09:53:21.0973 2700 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/07/10 09:53:22.0051 2700 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/07/10 09:53:22.0098 2700 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/10 09:53:22.0176 2700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/10 09:53:22.0222 2700 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/10 09:53:22.0269 2700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/10 09:53:22.0378 2700 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/10 09:53:22.0519 2700 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/10 09:53:22.0612 2700 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/10 09:53:22.0690 2700 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/10 09:53:22.0737 2700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/10 09:53:22.0768 2700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/10 09:53:22.0815 2700 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/10 09:53:22.0862 2700 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/10 09:53:22.0956 2700 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/10 09:53:23.0002 2700 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/10 09:53:23.0049 2700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/10 09:53:23.0096 2700 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/10 09:53:23.0158 2700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/10 09:53:23.0221 2700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/10 09:53:23.0268 2700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/10 09:53:23.0330 2700 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/10 09:53:23.0392 2700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/10 09:53:23.0439 2700 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/10 09:53:23.0502 2700 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/10 09:53:23.0548 2700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/10 09:53:23.0595 2700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/10 09:53:23.0642 2700 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/10 09:53:23.0673 2700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/10 09:53:23.0751 2700 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/10 09:53:23.0829 2700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/10 09:53:23.0876 2700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/10 09:53:23.0907 2700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/10 09:53:23.0954 2700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/10 09:53:23.0985 2700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/10 09:53:24.0016 2700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/10 09:53:24.0063 2700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/10 09:53:24.0110 2700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/10 09:53:24.0157 2700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/10 09:53:24.0219 2700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/10 09:53:24.0250 2700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/10 09:53:24.0313 2700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/10 09:53:24.0375 2700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:53:24.0391 2700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:53:24.0516 2700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/10 09:53:24.0562 2700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/10 09:53:24.0656 2700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/10 09:53:24.0703 2700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/10 09:53:24.0765 2700 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/07/10 09:53:24.0921 2700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/10 09:53:24.0984 2700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/10 09:53:25.0062 2700 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/10 09:53:25.0124 2700 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/10 09:53:25.0186 2700 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/07/10 09:53:25.0249 2700 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/10 09:53:25.0327 2700 MBR (0x1B8) (be33e9979578989ce12202388ab769a0) \Device\Harddisk0\DR0
2011/07/10 09:53:25.0358 2700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/07/10 09:53:25.0436 2700 Boot (0x1200) (eefb3f543ff4316be1d59ac1d49dd9e8) \Device\Harddisk0\DR0\Partition0
2011/07/10 09:53:25.0467 2700 Boot (0x1200) (4507f022ea0c0b7d04b194dcc69c7f50) \Device\Harddisk0\DR0\Partition1
2011/07/10 09:53:25.0498 2700 Boot (0x1200) (c314d47b8424614a56f10827f9d4b059) \Device\Harddisk0\DR0\Partition2
2011/07/10 09:53:25.0530 2700 Boot (0x1200) (56733fd008f3768dcc2ba477f96300d2) \Device\Harddisk1\DR1\Partition0
2011/07/10 09:53:25.0545 2700 ================================================================================
2011/07/10 09:53:25.0545 2700 Scan finished
2011/07/10 09:53:25.0545 2700 ================================================================================
2011/07/10 09:53:25.0561 3536 Detected object count: 0
2011/07/10 09:53:25.0561 3536 Actual detected object count: 0
2011/07/10 09:54:44.0320 0900 ================================================================================
2011/07/10 09:54:44.0320 0900 Scan started
2011/07/10 09:54:44.0320 0900 Mode: Manual;
2011/07/10 09:54:44.0320 0900 ================================================================================
2011/07/10 09:54:53.0009 0900 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/10 09:54:53.0056 0900 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/10 09:54:53.0087 0900 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/10 09:54:53.0134 0900 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/10 09:54:53.0197 0900 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/10 09:54:53.0275 0900 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/10 09:54:53.0321 0900 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/10 09:54:53.0384 0900 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/10 09:54:53.0415 0900 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/10 09:54:53.0462 0900 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/10 09:54:53.0524 0900 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/07/10 09:54:53.0555 0900 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/10 09:54:53.0602 0900 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/10 09:54:53.0774 0900 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/10 09:54:53.0821 0900 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/10 09:54:53.0883 0900 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/10 09:54:53.0961 0900 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/10 09:54:54.0008 0900 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/10 09:54:54.0055 0900 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/10 09:54:54.0086 0900 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/10 09:54:54.0133 0900 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/10 09:54:54.0179 0900 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/10 09:54:54.0226 0900 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/10 09:54:54.0273 0900 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/10 09:54:54.0320 0900 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
2011/07/10 09:54:54.0351 0900 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/10 09:54:54.0398 0900 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/10 09:54:54.0429 0900 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/10 09:54:54.0476 0900 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/10 09:54:54.0523 0900 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/10 09:54:54.0554 0900 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/10 09:54:54.0601 0900 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/10 09:54:54.0679 0900 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/07/10 09:54:54.0710 0900 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/07/10 09:54:54.0741 0900 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/07/10 09:54:54.0803 0900 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/10 09:54:54.0850 0900 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/10 09:54:54.0897 0900 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/10 09:54:55.0022 0900 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/10 09:54:55.0053 0900 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/07/10 09:54:55.0100 0900 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/10 09:54:55.0131 0900 ScanUSBEMPIA (eecbbf7d76300e5558d316983961ffc1) C:\Windows\system32\DRIVERS\emScan64.sys
2011/07/10 09:54:55.0193 0900 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/10 09:54:55.0240 0900 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/10 09:54:55.0287 0900 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/10 09:54:55.0349 0900 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/10 09:54:55.0381 0900 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/10 09:54:55.0427 0900 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/10 09:54:55.0505 0900 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/10 09:54:55.0537 0900 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/10 09:54:55.0568 0900 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/10 09:54:55.0599 0900 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/10 09:54:55.0661 0900 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/10 09:54:55.0677 0900 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/10 09:54:55.0739 0900 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/10 09:54:55.0802 0900 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/10 09:54:55.0895 0900 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
2011/07/10 09:54:55.0942 0900 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
2011/07/10 09:54:56.0020 0900 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/10 09:54:56.0067 0900 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/10 09:54:56.0145 0900 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/07/10 09:54:56.0207 0900 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/07/10 09:54:56.0270 0900 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/07/10 09:54:56.0348 0900 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/10 09:54:56.0395 0900 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/10 09:54:56.0441 0900 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/10 09:54:56.0488 0900 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/10 09:54:56.0597 0900 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/10 09:54:56.0722 0900 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/10 09:54:56.0800 0900 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/10 09:54:56.0878 0900 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/10 09:54:56.0909 0900 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/10 09:54:56.0941 0900 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/10 09:54:56.0972 0900 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/10 09:54:57.0019 0900 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/10 09:54:57.0112 0900 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/10 09:54:57.0143 0900 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/10 09:54:57.0206 0900 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/10 09:54:57.0253 0900 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/10 09:54:57.0315 0900 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/10 09:54:57.0346 0900 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/10 09:54:57.0393 0900 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/10 09:54:57.0440 0900 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/10 09:54:57.0518 0900 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/10 09:54:57.0549 0900 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/10 09:54:57.0611 0900 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/10 09:54:57.0643 0900 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/10 09:54:57.0689 0900 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/10 09:54:57.0721 0900 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/10 09:54:57.0752 0900 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/10 09:54:57.0799 0900 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/10 09:54:57.0861 0900 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/10 09:54:57.0908 0900 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/10 09:54:57.0955 0900 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/10 09:54:58.0001 0900 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/10 09:54:58.0017 0900 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/10 09:54:58.0079 0900 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/10 09:54:58.0126 0900 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/10 09:54:58.0173 0900 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/10 09:54:58.0235 0900 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/10 09:54:58.0298 0900 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/10 09:54:58.0329 0900 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/10 09:54:58.0391 0900 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/10 09:54:58.0423 0900 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:54:58.0454 0900 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:54:58.0547 0900 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/10 09:54:58.0594 0900 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/10 09:54:58.0703 0900 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/10 09:54:58.0735 0900 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/10 09:54:58.0813 0900 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/07/10 09:54:58.0937 0900 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/10 09:54:59.0015 0900 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/10 09:54:59.0093 0900 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/10 09:54:59.0140 0900 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/10 09:54:59.0203 0900 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/07/10 09:54:59.0265 0900 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/10 09:54:59.0312 0900 MBR (0x1B8) (be33e9979578989ce12202388ab769a0) \Device\Harddisk0\DR0
2011/07/10 09:55:00.0123 0900 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/07/10 09:55:00.0217 0900 Boot (0x1200) (eefb3f543ff4316be1d59ac1d49dd9e8) \Device\Harddisk0\DR0\Partition0
2011/07/10 09:55:00.0248 0900 Boot (0x1200) (4507f022ea0c0b7d04b194dcc69c7f50) \Device\Harddisk0\DR0\Partition1
2011/07/10 09:55:00.0295 0900 Boot (0x1200) (c314d47b8424614a56f10827f9d4b059) \Device\Harddisk0\DR0\Partition2
2011/07/10 09:55:00.0310 0900 Boot (0x1200) (56733fd008f3768dcc2ba477f96300d2) \Device\Harddisk1\DR1\Partition0
2011/07/10 09:55:00.0326 0900 ================================================================================
2011/07/10 09:55:00.0326 0900 Scan finished
2011/07/10 09:55:00.0326 0900 ================================================================================
2011/07/10 09:55:00.0341 1396 Detected object count: 0
2011/07/10 09:55:00.0341 1396 Actual detected object count: 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, looks like time for a bigger hammer.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
dc523680


    Member

  • Topic Starter
  • 44 posts
OK, I ran ComboFix and here is the text that was generated.

ComboFix 11-07-05.03 - Dan 07/10/2011 11:19:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1183 [GMT -4:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan\AppData\Roaming\inst.exe
c:\users\Dan\AppData\Roaming\Local
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\crzs.01.avi.ddr
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\QSS.HD.nstppbl.01.avi.ddr
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crzs.01.avi
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Mrrrs.2.01.avi(2).ddp
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Mrrrs.2.01.avi.ddp
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\QSS.HD.nstppbl.01.avi.ddp
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi.ddp
c:\users\Dan\AppData\Roaming\Local\Temp\DDM\Settings\video.avi.ddr
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 15:51 . 2011-07-10 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 07:48 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-07-10 07:48 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-07-10 05:41 . 2011-07-10 05:41 -------- d-----w- C:\_OTL
2011-07-10 04:19 . 2011-06-07 14:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-10 04:19 . 2011-06-07 14:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07CA7C83-0331-4E1C-8EDA-D47CE10EF5BD}\mpengine.dll
2011-07-09 06:03 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-07-09 06:03 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-07-09 06:03 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-07-09 06:03 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-07-09 06:03 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-09 06:03 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-09 06:03 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-07-09 06:03 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-09 06:03 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-09 06:03 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-09 05:57 . 2011-07-09 05:57 -------- d-----w- c:\program files\CCleaner
2011-07-09 00:55 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-07-09 00:55 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-07-08 22:50 . 2010-01-19 09:00 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-07-08 22:49 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-08 22:49 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-07-08 22:49 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-08 22:49 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-07-08 22:49 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-08 22:49 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-07-08 22:45 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-07-08 22:44 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 22:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-08 22:42 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-07-08 22:41 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-07-08 22:31 . 2011-07-08 22:30 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA0FED61-958C-4271-8FE6-DD284755B54C}\gapaengine.dll
2011-07-08 22:29 . 2011-07-08 22:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-08 22:29 . 2011-07-08 22:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-08 00:21 . 2011-07-08 00:20 1008041 ----a-w- C:\rkill.com
2011-07-07 23:31 . 2011-07-07 23:31 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-07-07 02:57 . 2011-07-07 02:57 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2011-07-07 02:54 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:54 . 2011-07-07 02:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\users\Dan\AppData\Roaming\acccore
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\users\Dan\AppData\Local\AOL
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\users\Dan\AppData\Local\AIM
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\programdata\AIM
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\program files (x86)\AIM
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-06-19 13:50 . 2011-06-19 13:50 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-06-18 13:42 . 2011-06-18 13:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 23:36 . 2011-05-16 23:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-16 23:36 . 2011-05-16 23:36 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-16 23:36 . 2011-05-16 23:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-16 23:35 . 2011-05-16 23:35 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-29 01:41 . 2011-04-29 01:41 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-04-29 01:41 . 2011-04-29 01:41 82816 ----a-w- c:\users\Dan\AppData\Roaming\pcouffin.sys
2011-04-27 19:25 . 2011-04-27 19:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-18 17:18 . 2011-04-18 17:18 40832 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 17:18 . 2011-04-18 17:18 189440 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\HPCeeScheduleForDan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 171520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 365592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 387608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/burn4free/{0A31B16E-BBB1-4ED7-B62D-C640E4B342B6}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{FEC629D6-B0FA-42FC-8A13-5F6EF264D915}: NameServer = 10.177.0.34 10.161.171.220
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\vo3258jn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Driver Fetch - c:\program files (x86)\Driver Fetch\2.5.0.2\DriverFetch.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
.
**************************************************************************
.
Completion time: 2011-07-10 12:17:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-10 16:17
.
Pre-Run: 198,461,014,016 bytes free
Post-Run: 198,442,795,008 bytes free
.
- - End Of File - - F39B049B86F74A8540F4DA1CDF31078A

#8
Essexboy
Could you now update and run Malwarebytes, please, and post the resultant log along with your current problems.

#9
dc523680
I did a quick scan with Malwarebytes which found nothing. Did you want me to run a full scan? I am still having problems with the internet giving me tons of popups and new windows. Google redirects me at least three times before I can view a web page. Every once in a while Windows Essentials will detect a virus trying to install itself on my computer while I'm not even doing anything. That's about the extent of what's still happening.

#10
dc523680
Sorry, here is the text of the scan from Malwarebytes.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7067

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/10/2011 5:32:07 PM
mbam-log-2011-07-10 (17-32-07).txt

Scan type: Quick scan
Objects scanned: 176927
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11
Essexboy
I have been coming across a new variant of TDL and I would like to check that out with a small, fast programme.

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#12
dc523680
Here is the text that was created:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 202):

Processes (total 67):
0 System Idle Process
4 System
252 C:\Windows\System32\smss.exe
396 csrss.exe
436 C:\Windows\System32\wininit.exe
448 csrss.exe
496 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
572 C:\Windows\System32\winlogon.exe
656 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
780 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
868 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
588 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\spoolsv.exe
1448 C:\Windows\System32\svchost.exe
1620 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1656 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\svchost.exe
1728 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1776 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
1928 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1980 C:\Windows\System32\svchost.exe
2276 WUDFHost.exe
2664 C:\Windows\System32\taskhost.exe
2684 C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
2724 C:\Windows\System32\dwm.exe
2804 C:\Windows\explorer.exe
2948 C:\Program Files\Java\jre6\bin\jusched.exe
2956 C:\Windows\System32\igfxpers.exe
2964 C:\Windows\System32\igfxtray.exe
2976 C:\Windows\System32\hkcmd.exe
3004 C:\Windows\System32\igfxsrvc.exe
1536 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
684 C:\Program Files\Microsoft Security Client\msseces.exe
2200 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2356 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
1632 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1820 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
928 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
752 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1324 C:\Windows\System32\svchost.exe
3240 C:\Program Files\Windows Media Player\wmpnetwk.exe
3408 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
3632 WmiPrvSE.exe
3772 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3968 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4044 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3188 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2472 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3900 C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
2612 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
4536 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
4588 C:\Windows\System32\svchost.exe
4396 C:\Windows\System32\wuauclt.exe
2128 C:\Windows\System32\consent.exe
4440 C:\Windows\System32\consent.exe
5080 C:\Windows\System32\audiodg.exe
5044 C:\Program Files\Internet Explorer\iexplore.exe
3796 C:\Program Files\Internet Explorer\iexplore.exe
3764 C:\Users\Dan\Desktop\MBRCheck.exe
2584 C:\Windows\System32\conhost.exe
4460 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`6d100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM320II, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#13
Essexboy
I will try MBRcheck first to fix the MBR

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>5<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop.

Reboot and run MBRCheck again as for the first run.
Post that report in your next reply.

#14
dc523680
Followed all of your instructions. Here is the log produced after a restart:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 238):
0xFDA40000 \Windows\System32\crypt32.dll
0xFDA20000 \Windows\System32\devobj.dll
0xFD9E0000 \Windows\System32\cfgmgr32.dll
0xFD970000 \Windows\System32\KernelBase.dll
0xFD930000 \Windows\System32\wintrust.dll
0xFD890000 \Windows\System32\comctl32.dll
0xFD880000 \Windows\System32\msasn1.dll
0x760D0000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
0 System Idle Process
4 System
252 C:\Windows\System32\smss.exe
400 csrss.exe
440 C:\Windows\System32\wininit.exe
452 csrss.exe
496 C:\Windows\System32\services.exe
528 C:\Windows\System32\winlogon.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\svchost.exe
804 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
888 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
108 C:\Windows\System32\audiodg.exe
396 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\spoolsv.exe
1256 C:\Windows\System32\svchost.exe
1444 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1476 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\svchost.exe
1552 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1612 C:\Windows\System32\svchost.exe
1640 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
1964 C:\Windows\System32\taskhost.exe
2028 C:\Windows\System32\dwm.exe
1320 C:\Windows\explorer.exe
1784 C:\Windows\System32\svchost.exe
1832 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2056 C:\Windows\System32\svchost.exe
2592 WUDFHost.exe
2660 C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
2764 C:\Program Files\Java\jre6\bin\jusched.exe
2776 C:\Windows\System32\igfxpers.exe
2784 C:\Windows\System32\igfxtray.exe
2800 C:\Windows\System32\hkcmd.exe
2816 C:\Windows\System32\igfxsrvc.exe
2860 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
2876 C:\Program Files\Microsoft Security Client\msseces.exe
2988 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3052 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2640 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3016 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1932 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
1284 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
1144 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2120 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3104 WmiPrvSE.exe
3276 C:\Windows\System32\svchost.exe
3448 C:\Program Files\Windows Media Player\wmpnetwk.exe
3480 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3684 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3816 C:\Program Files\Internet Explorer\iexplore.exe
3900 C:\Program Files\Internet Explorer\iexplore.exe
2392 C:\Users\Dan\Desktop\MBRCheck.exe
2888 C:\Windows\System32\conhost.exe
3440 C:\Windows\System32\dllhost.exe
2576 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`6d100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM320II, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like the new one

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR

A reboot will be required

Save the log as before and post in your next reply