Redirecting Virus, Blue Screen of Death, Browser Crashing,

#1
jefferyisablob

It all started a few days ago; I'm not exactly sure how the virus came, as nothing was being downloaded. My computer rebooted itself, and upon login my entire desktop was black, and a lot of files were giving me notices that they were failing. I just used Windows System Restore to restore it to a few days back, and that problem was gone. However, I then discovered that I had a redirecting virus. It doesn't redirect every single time, just periodically. Also, for some reason, my browsers (Google Chrome/Mozilla Firefox) have been crashing a lot more frequently, normally when I do a search through Google or when I load a page in Google Chrome. Every time I restore that same webpage, the browser crashes. However, if I delete that tab in time, the browser does not crash. Periodically, I have also been getting the blue screen of death.
BCCode:76
BCP1: 0000000000000000
BCP2: FFFFFA80034358D0
BCP3: 00000000000007D1
BCP4: 0000000000000000

Update: 9/27/2011: Received another Blue screen of death (twice), different code
BCCode: 1e
BCP1: FFFFFFFC0000005
BCP2: FFFFA80034BA7A7
BCP3: 0000000000000000
BCP4: 0000000077690000


I'm not sure if it's related, but ever since getting this, Google Chrome has been slow when I attempt to access HTTPS sites, like the Facebook login, Amazon login, or Gmail login. But if I keep reloading the page, eventually I get through. Then for Gmail, it doesn't let me send emails; Gmail just says "still working", then tells me I cannot connect to the server.
I have already tried the guide to remove redirecting viruses; TDSSKiller did not detect anything. For some reason, through Google Chrome, if I try to sync with my Google account, it states that I cannot connect to the server. Also, I have a Zune, and my Zune states that it can't check for updates: "Can't check the file. It might be in use, you might not be able to access the computer while the file is stored, or your proxy settings might be incorrect, 80070005". It leads me to suspect that something on my computer is blocking me from the servers or something.

So, summarizing: I've got a redirecting virus, something crashing my browsers, something blocking me from servers on the internet, and something causing the blue screen of death. Thanks in advance to whomever helps!

Here is the OTL.txt
OTL logfile created on: 9/26/2011 11:36:52 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Richard Zhou\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 55.06% Memory free
5.85 Gb Paging File | 4.30 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63.99 Gb Total Space | 26.58 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 93.88 Gb Free Space | 96.13% Space Free | Partition Type: NTFS
Drive E: | 195.31 Gb Total Space | 186.45 Gb Free Space | 95.46% Space Free | Partition Type: NTFS
Drive F: | 108.79 Gb Total Space | 106.00 Gb Free Space | 97.44% Space Free | Partition Type: NTFS

Computer Name: RICHARDZHOU-PC | User Name: Richard Zhou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 23:36:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
PRC - [2011/06/22 19:28:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/03 19:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/03 19:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/02 13:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 17:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/09/17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/04/07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 15:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/09/25 17:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- F:\RocketDock\RocketDock.exe
PRC - [2004/12/14 03:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- F:\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/19 22:07:39 | 000,412,728 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll
MOD - [2011/09/19 22:07:37 | 003,696,184 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
MOD - [2011/09/19 22:06:11 | 000,142,568 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll
MOD - [2011/09/19 22:06:10 | 000,253,320 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll
MOD - [2011/09/19 22:06:09 | 002,403,240 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
MOD - [2011/09/19 19:32:41 | 006,338,720 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
MOD - [2011/06/22 19:28:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- F:\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- F:\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/12/03 12:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/02 13:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 17:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/10/19 15:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 15:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/08/05 18:45:38 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinDefend)
SRV:64bit: - [2007/06/01 03:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2010/11/23 14:33:01 | 004,012,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/11/05 04:31:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/11/05 04:31:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/10/01 23:56:06 | 002,430,288 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 17:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/09 11:14:26 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/26 13:49:28 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/05 04:31:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/11/05 04:31:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/10/18 03:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/10/14 20:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 11:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/08/18 11:54:36 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/08/18 11:54:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/18 11:54:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/08/18 11:54:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/08/18 11:54:28 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/07/22 11:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/06/21 16:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/03/10 12:29:28 | 000,052,144 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2009/12/14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/10/26 06:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 14:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 14:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/30 13:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2007/06/01 03:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2007/02/08 14:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 E2 4E 48 15 7B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.6.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/26 17:09:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/26 17:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/22 21:44:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 21:44:17 | 000,000,000 | ---D | M]

[2011/09/22 21:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Extensions
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/09/22 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]\chrome
[2011/09/22 21:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/26 17:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/12 17:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/21 19:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/26 17:09:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/26 17:09:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = F:\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: FB Photo Zoom = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.19.1_0\
CHR - Extension: DivX HiQ = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Mail Checker Plus for Google Mail™ = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.2.3.6_0\
CHR - Extension: Hedgehog in the fog = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: IE Tab = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.7.14.1_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.8_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

O1 HOSTS File: ([2011/09/26 23:20:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Microsoft Office Pro 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] F:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] F:\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = F:\RocketDock\Rainmeter.exe ()
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk = C:\Program Files (x86)\RegVac Registry Cleaner\regvac.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Microsoft Office Pro 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Microsoft Office Pro 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Microsoft Office Pro 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Microsoft Office Pro 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923F55DA-BF73-4ECA-8398-1E4DB6E52CFA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck autocheck B)
O34 - HKLM BootExecute: (autocheck)
O34 - HKLM BootExecute: (autocheck })
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 23:36:31 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
[2011/09/26 23:28:13 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Desktop\Virus Removal
[2011/09/26 23:20:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/26 23:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/26 23:08:16 | 004,229,490 | ---- | C] (Swearware) -- C:\Users\Richard Zhou\Desktop\ComboFix.exe
[2011/09/26 23:07:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/26 23:02:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/26 22:08:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/26 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Documents\RegRun2
[2011/09/24 23:25:46 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\AppData\Roaming\Malwarebytes
[2011/09/24 23:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/23 21:42:46 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/23 15:43:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/23 15:43:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/23 15:43:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/22 21:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/09/21 21:20:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/21 21:17:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/18 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Desktop\Ashitaka and San
[2011/09/17 23:04:34 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Desktop\Spirited away
[2011/09/08 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/09/08 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2011/09/07 19:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/09/05 16:43:59 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Documents\Stats HW
[2011/09/04 19:43:38 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\AppData\Local\assembly
[2011/09/04 18:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2011/09/04 18:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WPF Toolkit
[2011/09/04 18:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011/09/04 18:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/09/04 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0 Refresh
[2011/09/04 18:08:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/09/04 18:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/09/04 18:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/09/04 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Documents\Visual Studio 2010
[2011/09/04 18:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/09/04 18:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2011/09/04 18:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011/09/04 18:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone Developer Tools
[2011/09/04 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XDE
[2011/09/04 17:58:41 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011/09/04 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/09/04 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011/09/04 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/08/29 11:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/08/29 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

========== Files - Modified Within 30 Days ==========

[2011/09/26 23:36:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
[2011/09/26 23:31:25 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 23:31:25 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 23:29:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000UA.job
[2011/09/26 23:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 23:23:13 | 2355,875,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 23:20:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/26 23:18:47 | 000,000,509 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\ERUNT.lnk
[2011/09/26 23:12:41 | 512,070,929 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/26 23:08:27 | 004,229,490 | ---- | M] (Swearware) -- C:\Users\Richard Zhou\Desktop\ComboFix.exe
[2011/09/26 16:27:17 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/26 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000Core.job
[2011/09/25 00:42:44 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/24 21:20:56 | 000,001,240 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk
[2011/09/23 21:17:02 | 001,209,238 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\Music.rar
[2011/09/22 22:21:44 | 001,778,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/22 22:21:44 | 000,662,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/22 22:21:44 | 000,402,092 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/09/22 22:21:44 | 000,384,990 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2011/09/22 22:21:44 | 000,122,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/22 22:21:44 | 000,120,028 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2011/09/22 22:21:44 | 000,115,114 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/09/22 21:44:19 | 000,001,976 | ---- | M] () -- C:\Users\Richard Zhou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/19 21:00:26 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/19 21:00:26 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/19 20:55:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/18 14:13:57 | 001,789,492 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 22:38:53 | 000,027,648 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 19:05:57 | 000,025,604 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\dratini.jpg
[2011/09/11 09:59:45 | 000,495,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 21:54:35 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/08/28 23:45:35 | 000,188,074 | ---- | M] () -- C:\Users\Richard Zhou\Documents\benefit recital.pdf
[1 C:\Windows\SysNative\drivers\UMDF\*.tmp files -> C:\Windows\SysNative\drivers\UMDF\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 23:18:47 | 000,000,509 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\ERUNT.lnk
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/25 16:59:51 | 512,070,929 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/24 21:18:41 | 000,001,240 | ---- | C] () -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk
[2011/09/23 21:16:50 | 001,209,238 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\Music.rar
[2011/09/23 15:43:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/23 15:43:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/23 15:43:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/23 15:43:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/23 15:43:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/22 21:44:19 | 000,001,976 | ---- | C] () -- C:\Users\Richard Zhou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/19 20:55:39 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/19 20:55:38 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/19 20:55:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/14 19:05:53 | 000,025,604 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\dratini.jpg
[2011/09/08 21:10:05 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/09/04 17:52:55 | 001,789,492 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/28 23:45:33 | 000,188,074 | ---- | C] () -- C:\Users\Richard Zhou\Documents\benefit recital.pdf
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/23 22:04:24 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011/02/13 20:20:31 | 000,027,648 | ---- | C] () -- C:\Users\Richard Zhou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/13 19:34:38 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/02/13 19:34:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/02/04 22:15:54 | 000,000,249 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/08 22:55:21 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/08 22:55:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/25 23:42:02 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Acoustica
[2010/12/26 17:18:42 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\AnvSoft
[2011/02/26 17:10:19 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Applied Acoustics Systems
[2011/09/22 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\D-Zed Software
[2011/09/22 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\FrostWire
[2010/12/26 17:16:48 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\NCH Swift Sound
[2011/02/23 23:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Neuratron
[2011/01/16 14:31:35 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\PACE Anti-Piracy
[2011/09/22 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\PCDr
[2011/05/24 22:05:42 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Publish Providers
[2011/09/22 16:51:29 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Rainmeter
[2011/09/22 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Sony
[2011/02/26 16:17:17 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\SynthMaker
[2011/09/22 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Update
[2011/09/22 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\uTorrent
[2011/09/25 00:42:44 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,031,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/26 16:27:17 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1286 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:wK2yxXPGLn0JPKoZJ6x5
@Alternate Data Stream - 1274 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:aBK2bxx5ogsaOjAy
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >

Edited by jefferyisablob, 27 September 2011 - 10:04 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello jefferyisablob and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/19 20:55:39 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/09/19 20:55:38 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/19 20:55:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    @Alternate Data Stream - 1286 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:wK2yxXPGLn0JPKoZJ6x5
    @Alternate Data Stream - 1274 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:aBK2bxx5ogsaOjAy

    :Files
    ipconfig /flushdns /c
    C:\ProgramData\~6DSS92c31Apgjkr
    C:\ProgramData\~6DSS92c31Apgjk
    C:\ProgramData\6DSS92c31Apgjk
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Remove your old version of Combofix and

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.
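The fix script above moves three hidden, randomly named files out of C:\ProgramData and strips two alternate data streams attached to the user's Temp folder. As an added example, not part of the original post and not OTL's own code, the Python below parses OTL-style listing and ADS lines and applies the same judgement a helper makes by eye (a hidden file directly under ProgramData with a random-looking name; any ADS that is not the Zone.Identifier mark-of-the-web stream Windows writes itself), then renders the hits as an OTL `:Files` block. The sample lines are copies of the five quoted above plus one made-up benign Settings.ini entry as a control; the regexes and the `looks_random` heuristic are this example's own assumptions about the log format, not OTL's documented grammar.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the five lines quoted in the fix script above plus one made-up
# benign control line (Settings.ini: not hidden, has an extension, must not be flagged).
SAMPLE = r"""
[2011/09/19 20:55:39 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/19 20:55:38 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/19 20:55:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/19 20:50:00 | 000,012,288 | ---- | C] () -- C:\ProgramData\Vendor\Settings.ini
@Alternate Data Stream - 1286 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:wK2yxXPGLn0JPKoZJ6x5
@Alternate Data Stream - 1274 bytes -> C:\Users\Richard Zhou\AppData\Local\Temp:aBK2bxx5ogsaOjAy
"""

# Assumed OTL listing shape: [date time | size | attrs | C/M] (company) -- path
# An 'H' anywhere in the attribute column is taken to mean the file is hidden.
LISTING_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([A-Z])\] "
    r"\(([^)]*)\) -- (.+)$")
# ADS line: the stream name is everything after the last colon that is not part of a drive letter.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


@dataclass
class Entry:
    kind: str               # "file" or "ads"
    path: str               # full path, or host:stream for an ADS
    name: str               # file name or stream name
    size: int
    hidden: bool
    timestamp: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL listing or ADS line; returns None for anything else."""
    line = line.strip()
    m = LISTING_RE.match(line)
    if m:
        ts, size, attrs, _flag, _company, path = m.groups()
        return Entry("file", path, path.rsplit("\\", 1)[-1],
                     int(size.replace(",", "")), "H" in attrs, ts)
    m = ADS_RE.match(line)
    if m:
        size, host, stream = m.groups()
        return Entry("ads", f"{host}:{stream}", stream, int(size), False)
    return None


def looks_random(name: str) -> bool:
    """Crude stand-in for an entropy check: no extension, 8+ chars, mixes digits, upper and lower case."""
    stem = name.lstrip("~")
    if "." in stem or len(stem) < 8:
        return False
    return (any(c.isdigit() for c in stem) and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def is_suspicious(e: Entry) -> bool:
    if e.kind == "ads":
        # Zone.Identifier is the stream Windows itself writes on downloads; a random-named
        # stream hanging off a Temp directory is not that and deserves a look.
        return e.name != "Zone.Identifier"
    parent = e.path.rsplit("\\", 1)[0].lower()
    return e.hidden and parent == r"c:\programdata" and looks_random(e.name)


def triage_otl(log_text: str) -> List[Entry]:
    """All entries in the log text that trip is_suspicious, in log order."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and is_suspicious(e)]


def otl_files_section(flagged: List[Entry]) -> str:
    """Render the flagged regular files as an OTL ':Files' block like the one in the fix script."""
    return "\n".join([":Files"] + [e.path for e in flagged if e.kind == "file"])


if __name__ == "__main__":
    hits = triage_otl(SAMPLE)
    for e in hits:
        print(f"{e.kind:4} {e.size:6d} B hidden={e.hidden} {e.path}")
    print(otl_files_section(hits))
```

Run it on a saved OTL.txt by reading the file into `triage_otl`; the ADS hits still have to go in the `:OTL` section of a fix script rather than `:Files`, which is why `otl_files_section` leaves them out.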

#3 jefferyisablob (Topic Starter)

Thank you for the help! This is the OTL log; I'll run ComboFix right after I post this.

All processes killed
========== OTL ==========
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
ADS C:\Users\Richard Zhou\AppData\Local\Temp:wK2yxXPGLn0JPKoZJ6x5 deleted successfully.
ADS C:\Users\Richard Zhou\AppData\Local\Temp:aBK2bxx5ogsaOjAy deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\~6DSS92c31Apgjkr not found.
File\Folder C:\ProgramData\~6DSS92c31Apgjk not found.
File\Folder C:\ProgramData\6DSS92c31Apgjk not found.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : RichardZhou-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : F0-DE-F1-03-59-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-27-10-7D-F7-1C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d4b3:7a80:6ba6:6642%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 03, 2011 3:09:56 PM
Lease Expires . . . . . . . . . . : Tuesday, October 04, 2011 3:09:56 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 285222672
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A8-83-11-00-27-10-7D-F7-1C
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 78-DD-08-A9-2A-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B930DEB2-1ED5-4A45-B7A2-63BAC7D0EF50}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18b0:2a47:3f57:feb9(Preferred)
Link-local IPv6 Address . . . . . : fe80::18b0:2a47:3f57:feb9%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{132EDDCF-C327-44EF-A64E-265101FD9FDF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {825A329A-3E9E-45A9-BF0D-A22769BFEA45}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: homeportal
Address: 192.168.1.254
Name: google.com
Addresses: 74.125.225.17
74.125.225.18
74.125.225.16
74.125.225.20
74.125.225.19
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: homeportal
Address: 192.168.1.254
Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.225.18] with 32 bytes of data:
Reply from 74.125.225.18: bytes=32 time=98ms TTL=51
Reply from 74.125.225.18: bytes=32 time=121ms TTL=51
Ping statistics for 74.125.225.18:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 98ms, Maximum = 121ms, Average = 109ms
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=203ms TTL=55
Reply from 72.30.2.43: bytes=32 time=224ms TTL=55
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 203ms, Maximum = 224ms, Average = 213ms
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
14...f0 de f1 03 59 8c ......Intel® 82577LM Gigabit Network Connection
12...00 27 10 7d f7 1c ......Intel® Centrino® Advanced-N 6200 AGN
11...78 dd 08 a9 2a 18 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.70 281
192.168.1.70 255.255.255.255 On-link 192.168.1.70 281
192.168.1.255 255.255.255.255 On-link 192.168.1.70 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.70 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.70 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:18b0:2a47:3f57:feb9/128 On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::18b0:2a47:3f57:feb9/128 On-link
12 281 fe80::d4b3:7a80:6ba6:6642/128 On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Richard Zhou
->Temp folder emptied: 6360520 bytes
->Temporary Internet Files folder emptied: 5888755 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56958471 bytes
->Google Chrome cache emptied: 89866771 bytes
->Flash cache emptied: 1946 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79031 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60760 bytes
RecycleBin emptied: 130038 bytes

Total Files Cleaned = 152.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Richard Zhou
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_151452

Files\Folders moved on Reboot...
C:\Users\Richard Zhou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\bn[1].htm moved successfully.
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\fan[1].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[1].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[2].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[3].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[4].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[5].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[6].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[7].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[8].htm not found!
File\Folder C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5KPX8SN\like[9].htm not found!
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWPI5CZ8\channels[1].htm moved successfully.
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWPI5CZ8\like[1].htm moved successfully.
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWPI5CZ8\login_status[2].htm moved successfully.
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWPI5CZ8\provider[1].htm moved successfully.
C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A726YYNQ\blank[1].htm moved successfully.
File move failed. C:\Users\Richard Zhou\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
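The ipconfig /all, nslookup, ping and route print output in the log above is what a helper reads to rule out a DNS hijack: the only DNS server is the router (192.168.1.254), the single default route goes through it, nslookup queried that same server, and ping resolved google.com to one of the addresses nslookup returned. As an added example that is not part of the original thread, the Python below encodes those cross-checks over the posted output. The point worth knowing is that nslookup talks to the DNS server directly while ping goes through the Windows resolver (hosts file first, then the cache), so a ping/nslookup mismatch is the classic sign of a hosts-file redirect that a clean DNS answer would otherwise hide. The sample inputs are trimmed copies of the posted output; the rogue-DNS and hosts-file variants are constructed for the demonstration, and the parsing assumes the English Windows 7 output layout.

```python
import ipaddress
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample input: trimmed copies of the ipconfig /all, route print, nslookup and
# ping output from the OTL fix log above (only the lines the checks below read).
IPCONFIG = """
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix . : gateway.2wire.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""
ROUTE = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.70     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
"""
NSLOOKUP = """
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.225.17
          74.125.225.18
          74.125.225.16
"""
PING = "Pinging google.com [74.125.225.18] with 32 bytes of data:\n"
# Constructed variant: DNS pointed at another LAN host instead of the router (last occurrence
# of the router address in IPCONFIG is the DNS Servers line).
IPCONFIG_ROGUE_DNS = "192.168.1.37".join(IPCONFIG.rsplit("192.168.1.254", 1))


def _field(text, label):
    """Every IPv4 value of an ipconfig field such as 'DNS Servers', including continuation lines."""
    values, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(re.escape(label) + r"[ .]*: (" + IPV4 + r")", line)
        if m:
            values.append(m.group(1))
            collecting = True
        elif collecting and re.fullmatch(IPV4, line):
            values.append(line)          # a second or third server listed on its own line
        else:
            collecting = False
    return values


def default_gateways(route_text):
    """Gateways of every 0.0.0.0/0 route in 'route print'; a healthy host has exactly one."""
    gws = []
    for line in route_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "0.0.0.0" and parts[1] == "0.0.0.0":
            gws.append(parts[2])
    return gws


def nslookup_answer(text):
    """(server address, answer addresses) from nslookup output; handles single and multi-address answers."""
    server, answers, seen_name = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            seen_name = True
        elif line.startswith(("Address:", "Addresses:")):
            ip = line.split(":", 1)[1].strip()
            if seen_name:
                answers.append(ip)       # after 'Name:' the addresses belong to the answer
            else:
                server = ip              # before it, 'Address:' is the server that was asked
        elif seen_name and re.fullmatch(IPV4, line):
            answers.append(line)
    return server, answers


def ping_target(ping_text):
    """The address ping resolved the host name to (system resolver: hosts file, cache, then DNS)."""
    m = re.search(r"Pinging \S+ \[(" + IPV4 + r")\]", ping_text)
    return m.group(1) if m else None


def triage_network(ipconfig_text, route_text, nslookup_text, ping_text):
    """Cross-check the four outputs; returns findings to review (empty list means consistent)."""
    findings = []
    servers = _field(ipconfig_text, "DNS Servers")
    router = _field(ipconfig_text, "DHCP Server") + _field(ipconfig_text, "Default Gateway")
    for s in servers:
        if not ipaddress.ip_address(s).is_private:
            findings.append(f"DNS server {s} is not on the local network; confirm it was set deliberately")
        elif s not in router:
            findings.append(f"DNS server {s} is a LAN host other than the router {router}; possible rogue resolver")
    gws = default_gateways(route_text)
    if set(gws) != set(_field(ipconfig_text, "Default Gateway")):
        findings.append(f"route table default gateway {gws} differs from ipconfig")
    resolver, answers = nslookup_answer(nslookup_text)
    if resolver and resolver not in servers:
        findings.append(f"nslookup queried {resolver}, which is not a configured DNS server {servers}")
    target = ping_target(ping_text)
    if target and answers and target not in answers:
        findings.append(f"ping resolved {target} but the DNS server answered {answers}; check the hosts file")
    return findings


if __name__ == "__main__":
    print(triage_network(IPCONFIG, ROUTE, NSLOOKUP, PING) or "consistent")
    print(triage_network(IPCONFIG_ROGUE_DNS, ROUTE, NSLOOKUP, PING))
```

On the posted log the checks come back empty, which is consistent with the redirects being something other than a DNS or hosts-file hijack; the checks only read IPv4, so an IPv6 resolver handed out by a rogue router advertisement would need the same treatment on the IPv6 lines.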

#4 jefferyisablob (Topic Starter)

Here's the ComboFix log:

ComboFix 11-10-03.01 - Richard Zhou 10/03/2011 15:44:28.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2996.1632 [GMT -5:00]
Running from: c:\users\Richard Zhou\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 21:14 . 2011-10-03 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-03 20:14 . 2011-10-03 20:14 -------- d-----w- C:\_OTL
2011-10-02 21:11 . 2011-10-02 21:12 -------- d-----w- c:\program files\Symantec
2011-10-02 21:11 . 2011-10-02 21:11 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-02 21:11 . 2007-03-22 01:33 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2011-10-02 21:10 . 2011-10-02 21:13 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-10-02 21:10 . 2011-10-02 21:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-02 21:10 . 2011-10-02 21:11 -------- d-----w- c:\program files (x86)\Symantec
2011-09-27 04:20 . 2011-09-27 04:20 -------- d-----w- C:\_OTM
2011-09-26 21:23 . 2011-09-26 21:23 2 --shatr- c:\windows\winstart.bat
2011-09-25 04:25 . 2011-09-25 04:25 -------- d-----w- c:\users\Richard Zhou\AppData\Roaming\Malwarebytes
2011-09-25 04:25 . 2011-09-25 04:25 -------- d-----w- c:\programdata\Malwarebytes
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK
2011-09-09 02:56 . 2011-09-09 02:56 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-09-09 02:55 . 2011-09-09 02:55 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-09-09 02:09 . 2011-09-09 02:55 -------- d-----w- c:\program files\Zune
2011-09-05 00:43 . 2011-09-22 21:51 -------- d-----w- c:\users\Richard Zhou\AppData\Local\assembly
2011-09-04 23:15 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-09-04 23:15 . 2011-09-04 23:15 -------- d-----w- c:\program files (x86)\Microsoft Expression
2011-09-04 23:15 . 2011-09-04 23:15 -------- d-----w- c:\program files (x86)\WPF Toolkit
2011-09-04 23:10 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-09-04 23:10 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-09-04 23:10 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-09-04 23:10 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-09-04 23:10 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-09-04 23:10 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2011-09-04 23:09 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-09-04 23:09 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-09-04 23:08 . 2011-09-04 23:08 -------- d-----w- c:\windows\SysWow64\xlive
2011-09-04 23:08 . 2011-09-08 00:04 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-09-04 23:08 . 2011-09-04 23:08 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-09-04 23:07 . 2011-09-04 23:07 192736 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2011-09-04 23:01 . 2011-09-04 23:06 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2011-09-04 23:00 . 2011-09-04 23:00 -------- d-----w- c:\program files (x86)\Microsoft XDE
2011-09-04 22:59 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-04 22:59 . 2009-09-04 22:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-09-04 22:58 . 2011-09-04 22:58 -------- d-----w- c:\windows\symbols
2011-09-04 22:58 . 2011-09-04 23:14 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-09-04 22:58 . 2011-09-04 22:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-09-04 22:58 . 2011-09-04 22:58 -------- d-----w- c:\program files\Microsoft Help Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-15 03:12 . 2011-06-16 18:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-06 00:46 . 2011-08-06 00:46 354304 ----a-w- c:\windows\system32\ZuneCoInst.dll
2011-08-06 00:46 . 2011-08-06 00:46 405504 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2011-08-06 00:46 . 2011-08-06 00:46 67072 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2011-08-06 00:46 . 2011-08-06 00:46 45568 ----a-w- c:\windows\system32\ZunePTDNS.dll
2011-08-06 00:46 . 2011-08-06 00:46 60928 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2011-08-06 00:46 . 2011-08-06 00:46 249344 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2011-08-06 00:46 . 2011-08-06 00:46 149504 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2011-08-06 00:46 . 2011-08-06 00:46 1093632 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
2011-07-22 05:22 . 2011-08-17 02:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:54 . 2011-08-17 02:39 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-17 02:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-17 02:41 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-17 02:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-17 02:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-17 02:41 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-17 02:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-17 02:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-17 02:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-17 02:41 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-17 02:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-17 02:41 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-17 02:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-17 02:41 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-17 02:41 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-17 02:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-17 02:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-17 02:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 18:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-13 18:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-09 05:26 . 2011-08-24 14:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 14:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-17 02:42 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-23 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Acrobat Assistant 7.0"="f:\adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-11-05 1129832]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-18 115560]
.
c:\users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Rainmeter.lnk - f:\rocketdock\Rainmeter.exe [2011-2-6 100352]
RegVac.lnk - c:\program files (x86)\RegVac Registry Cleaner\regvac.exe [2010-12-26 2892744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2010-12-26 25214]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-12-26 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck B\0autocheck \0autocheck }
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-11-05 164200]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-11-05 75112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-15 136824]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000Core.job
- c:\users\Richard Zhou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 23:07]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000UA.job
- c:\users\Richard Zhou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 23:07]
.
2011-09-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 21:45]
.
2011-10-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 21:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"TpShocks"="TpShocks.exe" [2010-07-02 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-22 85328]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\micros~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\micros~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BandiMPEG1 - c:\program files (x86)\BandiMPEG1\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-03 16:34:09
ComboFix-quarantined-files.txt 2011-10-03 21:34
ComboFix2.txt 2011-10-02 20:57
.
Pre-Run: 28,671,778,816 bytes free
Post-Run: 28,502,573,056 bytes free
.
- - End Of File - - 28943654C3B09F6826BD226565F761DC
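ComboFix's "Supplementary Scan" section above lists the settings a redirect investigation looks at first: Firefox search and homepage prefs, IE Trusted Zone entries and the DNS server the DHCP lease handed out. The script below is an added example, not part of this thread or of ComboFix, that runs a simple triage over those indicator lines. The sample lines are copied from the log above; the allow-list of search hosts and the rule that a globally routable DHCP resolver on a home LAN deserves a look are this example's own assumptions.

```python
"""
Triage the 'Supplementary Scan' indicators ComboFix prints (Firefox prefs,
IE Trusted Zone entries, DHCP-supplied DNS server) for browser-redirect leads.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: hosts a clean Firefox profile on this machine might legitimately
# use for search or homepage. Anything else in a search-related pref is flagged.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}

# Firefox prefs that search-hijacking toolbars typically rewrite.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
TZ_RE = re.compile(r"^Trusted Zone: (\S+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")


def refang(url: str) -> str:
    """ComboFix defangs URLs as hxxp://; undo that so urlparse sees a real scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def analyse(lines):
    """Return (kind, what, detail) tuples for every line worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref in SEARCH_PREFS:
                host = urlparse(refang(value)).hostname or ""
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(("firefox-pref", pref, host))
            continue
        m = TZ_RE.match(line)
        if m:
            # Trusted Zone sites run under relaxed IE security; every entry gets reviewed.
            findings.append(("ie-trusted-zone", m.group(1), "review: relaxed IE zone policy"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group(1).split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue  # not an IP literal; nothing to judge
                # Assumption: a home router hands out its own LAN address (192.168.1.254
                # here); a globally routable resolver set by DHCP is a lead, not a verdict.
                if addr.is_global:
                    findings.append(("dns-server", server, "public resolver handed out by DHCP"))
    return findings


# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LINES = [
    "Trusted Zone: clonewarsadventures.com",
    "Trusted Zone: freerealms.com",
    "Trusted Zone: soe.com",
    "Trusted Zone: sony.com",
    "TCP: DhcpNameServer = 192.168.1.254",
    "FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}",
    "FF - prefs.js: browser.search.selectedEngine - Google",
    "FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13",
    "FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=",
]

if __name__ == "__main__":
    for kind, what, detail in analyse(SAMPLE_LINES):
        print(f"{kind:16} {what:32} {detail}")
```

The output is a list of leads to check against what the user actually installed, not a verdict: someone who added a search toolbar on purpose produces the same pref lines, and game sites placed in the Trusted Zone by a launcher are common. The DNS check is what separates a host-level redirect from a router-level one, which is why the helper's questions below ask whether other machines on the same router are affected.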

#5
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi jefferyisablob,

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

#6
jefferyisablob
    Member
  • Topic Starter
  • Member
  • 13 posts
The scan just finished after 7 hours; no threats were found and the problems still exist. I do not know the significance of this, but during the scan Kaspersky occasionally gave notifications that some files were password locked, or something along those lines, so the scanner could not scan those files. I tried making the full scan report in case it would help, but the program crashed while making the report. Also, when I installed it, nothing was made on my desktop, though the program started by itself.

Edited by jefferyisablob, 04 October 2011 - 10:25 PM.


#7
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi jefferyisablob,

Test your system for redirections after these steps.

Step 1

Please answer these questions for me so we can narrow the problem.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?
  • Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • aswMBR log
  • new OTL scan log
  • Answers to my questions
It would be helpful if you could post each log in a separate post

#8
jefferyisablob
    Member
  • Topic Starter
  • Member
  • 13 posts
I'm not sure of the significance (it's the first time I've seen it), but upon reboot, before the Windows login screen loaded, the screen was black with a bit of white text: "B program not found = skipping AUTOCHECK" and "{ program not found = skipping AUTOCHECK" right below that. Anyway, here is the OTL fix log

========== OTL ==========
C:\Windows\SysWOW64\bdmpegv.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Richard Zhou\Desktop\cmd.bat deleted successfully.
C:\Users\Richard Zhou\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.29.1 log created on 10052011_162452

#9
jefferyisablob
    Member
  • Topic Starter
  • Member
  • 13 posts
I think we're onto something! The aswMBR detected some things!

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-05 16:34:58
-----------------------------
16:34:58.313 OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:58.313 Number of processors: 4 586 0x2502
16:34:58.313 ComputerName: RICHARDZHOU-PC UserName: Richard Zhou
16:35:02.050 Initialize success
16:35:16.351 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:35:16.354 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
16:35:18.376 Disk 0 MBR read successfully
16:35:18.378 Disk 0 MBR scan
16:35:18.380 Disk 0 TDL4@MBR code has been found
16:35:18.382 Disk 0 MBR hidden
16:35:18.384 Disk 0 MBR [TDL4] **ROOTKIT**
16:35:18.387 Disk 0 trace - called modules:
16:35:18.393 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80034bc254]<<
16:35:18.396 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034a0060]
16:35:18.400 3 CLASSPNP.SYS[fffff8800169143f] -> nt!IofCallDriver -> [0xfffffa8003201520]
16:35:18.403 5 ACPI.sys[fffff88000ec77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800321c060]
16:35:18.407 \Driver\atapi[0xfffffa80031f6e10] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80034bc254
16:35:18.410 Scan finished successfully
16:35:27.954 Disk 0 MBR has been saved successfully to "C:\Users\Richard Zhou\Desktop\MBR.dat"
16:35:27.962 The log file has been saved successfully to "C:\Users\Richard Zhou\Desktop\aswMBR.txt"
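aswMBR flagged the boot sector as TDL4 and saved the raw MBR to MBR.dat. The script below is an added example, not part of this thread or of aswMBR, showing what a responder checks in such a dump offline: the 0x55AA signature, the partition table, the boot code hashed against a known-good baseline (a bootkit swaps the code but leaves the partition table intact so Windows still boots), and unallocated space trailing the last partition, which is where TDL4 keeps its hidden store. The two MBRs it runs over are constructed inside the script; BASELINE_SHA256, the sample disk geometry and the 8 MiB trailing-space threshold are this example's assumptions, not values from the log.

```python
"""
Parse a raw 512-byte MBR dump (such as aswMBR's MBR.dat) and report the
checks a responder makes before trusting the boot sector.
"""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 446             # bytes 0..445 hold executable boot code
PART_TABLE_OFF = 446            # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"         # bytes 510..511
PART_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
TRAILING_SECTORS_LIMIT = 16384  # assumption: more than 8 MiB unallocated at disk end is worth a look


def build_mbr(boot_code: bytes, partitions, signature: bytes = SIGNATURE) -> bytes:
    """Assemble an MBR from boot code and (status, type, lba_start, sectors) tuples.
    Used only to construct sample input here; real input is read from a dump file."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(PART_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + table + signature


def parse_partitions(mbr: bytes):
    """Decode the four primary partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + i * 16
        )
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def inspect_mbr(mbr: bytes, baseline_boot_sha256: str, total_sectors: int):
    """Return human-readable findings; an empty list means nothing looked odd."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest() != baseline_boot_sha256:
        # TDL4-style bootkits replace the boot code and keep the partition table,
        # so a hash compare against a known-good dump catches exactly that change.
        findings.append("boot code differs from baseline (possible bootkit)")
    parts = parse_partitions(mbr)
    bootable = sum(p["bootable"] for p in parts)
    if bootable != 1:
        findings.append(f"{bootable} bootable partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"overlapping partitions at LBA {start_b}")
    trailing = total_sectors - max((end for _, end in spans), default=0)
    if trailing > TRAILING_SECTORS_LIMIT:
        # TDL4 stores its hidden file system in unallocated space at the end of the disk.
        findings.append(f"{trailing} unallocated sectors after last partition")
    return findings


# Constructed samples: a ~1 GB disk with a 100 MB boot partition and a data partition.
SAMPLE_TOTAL_SECTORS = 2_000_000
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100   # stand-in bytes, not real boot code
CLEAN_MBR = build_mbr(CLEAN_BOOT, [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_793_000)])
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()  # assumption: taken from a known-good dump
# "Infected" variant: foreign boot code plus a data partition shrunk to leave hidden space at the end.
INFECTED_MBR = build_mbr(b"\xeb\x04" + b"\xcc" * 200,
                         [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_700_000)])

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: python mbr_check.py MBR.dat <total_sectors>
        # Set BASELINE_SHA256 from a known-good dump of the same disk before trusting the result.
        with open(sys.argv[1], "rb") as fh:
            print(inspect_mbr(fh.read(MBR_SIZE), BASELINE_SHA256, int(sys.argv[2])))
    else:
        for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
            print(name, inspect_mbr(mbr, BASELINE_SHA256, SAMPLE_TOTAL_SECTORS) or ["ok"])
```

The disk size aswMBR printed (476940 MB) is what you would pass as total sectors for a real dump, converted at 2048 sectors per MB. Note that a parser like this works on the bytes you hand it; the point of the aswMBR trace above is that a live TDL4 hooks the disk stack and can return a clean MBR to anything reading through the infected driver, so a dump taken from the running system may already be lying. Reading the sector from a boot CD or another machine is what makes the comparison meaningful.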

#10
jefferyisablob
    Member
  • Topic Starter
  • Member
  • 13 posts
* Do you use a router to access the internet? Yes, I access the internet through a wireless router.
* Do you have any other PCs connected to that router, and do they get redirected? 3 other laptops are connected; none of them are redirected.
* Do you get redirected in all browsers you use, or does this redirection only affect one browser? Internet Explorer, Mozilla and Google Chrome are all affected.

#11
jefferyisablob
    Member
  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 10/5/2011 4:40:27 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Richard Zhou\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.57% Memory free
5.85 Gb Paging File | 4.32 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63.99 Gb Total Space | 28.19 Gb Free Space | 44.06% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 93.88 Gb Free Space | 96.13% Space Free | Partition Type: NTFS
Drive E: | 195.31 Gb Total Space | 186.44 Gb Free Space | 95.46% Space Free | Partition Type: NTFS
Drive F: | 108.79 Gb Total Space | 106.00 Gb Free Space | 97.44% Space Free | Partition Type: NTFS

Computer Name: RICHARDZHOU-PC | User Name: Richard Zhou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 23:36:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
PRC - [2011/06/22 19:28:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/03 19:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/03 19:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/02 13:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 17:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/09/17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/05/18 15:49:44 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/18 15:49:44 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/05/18 15:49:38 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/18 15:49:38 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/04/07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 15:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/09/25 17:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- F:\RocketDock\RocketDock.exe
PRC - [2004/12/14 03:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- F:\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/22 19:28:00 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- F:\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- F:\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/12/03 12:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/02 13:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 17:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/10/19 15:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 15:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/08/05 18:45:38 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 15:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinDefend)
SRV:64bit: - [2007/06/01 03:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2010/11/23 14:33:01 | 004,012,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/11/05 04:31:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/11/05 04:31:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/10/01 23:56:06 | 002,430,288 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- F:\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/05/18 15:49:44 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/18 15:49:44 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/05/18 15:49:42 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/18 15:49:40 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/05/18 15:49:38 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/25 17:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/02 16:11:58 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/06/09 11:14:26 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/26 13:49:28 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/05 04:31:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/11/05 04:31:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/10/18 03:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/10/14 20:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 11:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/08/18 11:54:36 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/08/18 11:54:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/18 11:54:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/08/18 11:54:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/08/18 11:54:28 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/07/22 11:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/06/21 16:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/05/18 15:49:44 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/05/18 15:49:44 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/05/18 15:49:44 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/03/10 12:29:28 | 000,052,144 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2009/12/14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/10/26 06:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 14:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 14:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/30 13:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2007/06/01 03:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2007/02/08 14:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/09/15 11:21:54 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111004.033\EX64.SYS -- (NAVEX15)
DRV - [2011/09/15 11:21:54 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/09/15 11:21:54 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/15 11:21:54 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111004.033\ENG64.SYS -- (NAVENG)
DRV - [2010/05/18 15:49:44 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/05/18 15:49:44 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/05/18 15:49:44 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 E2 4E 48 15 7B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/26 17:09:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/26 17:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 11:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/05 11:26:30 | 000,000,000 | ---D | M]

[2011/09/22 21:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Extensions
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/09/22 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]
[2011/09/22 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard Zhou\AppData\Roaming\Mozilla\Firefox\Profiles\2bkqif9m.default\extensions\[email protected]\chrome
[2011/09/22 21:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/26 17:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/12 17:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/21 19:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/26 17:09:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/26 17:09:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Richard Zhou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Richard Zhou\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = F:\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: FB Photo Zoom = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: DivX HiQ = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.2.3.6_0\
CHR - Extension: Hedgehog in the fog = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: IE Tab = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.7.14.1_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.8_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Richard Zhou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

O1 HOSTS File: ([2011/09/26 23:20:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Microsoft Office Pro 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] F:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] F:\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = F:\RocketDock\Rainmeter.exe ()
O4 - Startup: C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk = C:\Program Files (x86)\RegVac Registry Cleaner\regvac.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Microsoft Office Pro 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - F:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Microsoft Office Pro 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Microsoft Office Pro 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Microsoft Office Pro 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Microsoft Office Pro 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923F55DA-BF73-4ECA-8398-1E4DB6E52CFA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck autocheck B)
O34 - HKLM BootExecute: (autocheck)
O34 - HKLM BootExecute: (autocheck })
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 16:33:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Richard Zhou\Desktop\aswMBR.exe
[2011/10/05 16:24:19 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Desktop\logs
[2011/10/04 16:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/03 16:37:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/03 16:34:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/03 15:37:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/03 15:37:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/03 15:36:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/03 15:34:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/03 15:32:53 | 004,240,992 | R--- | C] (Swearware) -- C:\Users\Richard Zhou\Desktop\ComboFix.exe
[2011/10/03 15:14:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/02 17:26:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Richard Zhou\Desktop\dds.scr
[2011/10/02 16:11:38 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/02 16:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/02 16:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/02 16:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/02 16:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/10/02 16:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2011/09/26 23:36:31 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
[2011/09/26 23:28:13 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Desktop\Virus Removal
[2011/09/26 23:20:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/26 23:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/26 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Documents\RegRun2
[2011/09/24 23:25:46 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\AppData\Roaming\Malwarebytes
[2011/09/24 23:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/23 21:42:46 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/23 15:43:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/22 21:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/09/21 21:20:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/08 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2011/09/08 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2011/09/07 19:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/09/05 16:43:59 | 000,000,000 | ---D | C] -- C:\Users\Richard Zhou\Documents\Stats HW

========== Files - Modified Within 30 Days ==========

[2011/10/05 16:36:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/05 16:35:27 | 000,000,512 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\MBR.dat
[2011/10/05 16:34:44 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 16:34:44 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 16:34:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Richard Zhou\Desktop\aswMBR.exe
[2011/10/05 16:33:59 | 001,790,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/05 16:33:59 | 000,665,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/05 16:33:59 | 000,405,034 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/10/05 16:33:59 | 000,387,932 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2011/10/05 16:33:59 | 000,123,050 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/05 16:33:59 | 000,120,910 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2011/10/05 16:33:59 | 000,115,996 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/10/05 16:29:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000UA.job
[2011/10/05 16:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/05 16:26:23 | 2355,875,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 16:32:28 | 098,341,528 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\setup_11.0.0.1245.x01_2011_10_04_23_19.exe
[2011/10/03 15:33:09 | 004,240,992 | R--- | M] (Swearware) -- C:\Users\Richard Zhou\Desktop\ComboFix.exe
[2011/10/03 15:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1678142520-1878762964-2660331186-1000Core.job
[2011/10/02 17:26:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Richard Zhou\Desktop\dds.scr
[2011/10/02 16:11:58 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/02 16:11:58 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/02 16:11:58 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/02 14:30:16 | 014,261,613 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\RainBackup.rmskin
[2011/09/26 23:36:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Zhou\Desktop\OTL.exe
[2011/09/26 23:20:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/26 23:18:47 | 000,000,509 | ---- | M] () -- C:\Users\Richard Zhou\Desktop\ERUNT.lnk
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/26 16:23:30 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/25 00:42:44 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/24 21:20:56 | 000,001,240 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk
[2011/09/22 21:44:19 | 000,001,976 | ---- | M] () -- C:\Users\Richard Zhou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/18 14:13:57 | 001,789,492 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 22:38:53 | 000,027,648 | ---- | M] () -- C:\Users\Richard Zhou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 09:59:45 | 000,495,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 21:54:35 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[1 C:\Windows\SysNative\drivers\UMDF\*.tmp files -> C:\Windows\SysNative\drivers\UMDF\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 16:35:27 | 000,000,512 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\MBR.dat
[2011/10/04 16:29:07 | 098,341,528 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\setup_11.0.0.1245.x01_2011_10_04_23_19.exe
[2011/10/03 15:37:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/03 15:37:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/03 15:37:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/03 15:37:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/03 15:37:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 16:11:38 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/02 16:11:38 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/02 14:29:50 | 014,261,613 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\RainBackup.rmskin
[2011/09/26 23:18:47 | 000,000,509 | ---- | C] () -- C:\Users\Richard Zhou\Desktop\ERUNT.lnk
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/09/24 21:18:41 | 000,001,240 | ---- | C] () -- C:\Users\Richard Zhou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk
[2011/09/22 21:44:19 | 000,001,976 | ---- | C] () -- C:\Users\Richard Zhou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 21:10:05 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011/09/04 17:52:55 | 001,789,492 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/23 22:04:24 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011/02/13 20:20:31 | 000,027,648 | ---- | C] () -- C:\Users\Richard Zhou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/13 19:34:38 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/02/13 19:34:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/02/04 22:15:54 | 000,000,249 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/08 22:55:21 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/08 22:55:21 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/25 23:42:02 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Acoustica
[2010/12/26 17:18:42 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\AnvSoft
[2011/02/26 17:10:19 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Applied Acoustics Systems
[2011/09/22 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\D-Zed Software
[2011/10/02 19:21:26 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\FrostWire
[2010/12/26 17:16:48 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\NCH Swift Sound
[2011/02/23 23:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Neuratron
[2011/01/16 14:31:35 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\PACE Anti-Piracy
[2011/09/22 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\PCDr
[2011/05/24 22:05:42 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Publish Providers
[2011/09/22 16:51:29 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Rainmeter
[2011/09/22 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Sony
[2011/02/26 16:17:17 | 000,000,000 | -H-D | M] -- C:\Users\Richard Zhou\AppData\Roaming\SynthMaker
[2011/09/22 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\Update
[2011/09/22 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Richard Zhou\AppData\Roaming\uTorrent
[2011/09/25 00:42:44 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/27 21:21:40 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/05 16:36:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
  • 0
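The listing above is the part of an OTL report an analyst actually reads: fresh drops in the Windows directory, files with hidden+system attributes, and alternate data streams. The following is an added example, not code from OTL, ComboFix or anyone in this thread, showing how to parse OTL's "[date | size | attrs | C/M] (Company) -- path" lines and run a few triage rules over them. The three rule names and the "executable in a system directory with no company name" heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
"""Parse OTL file listings and flag entries that deserve a second look."""
import re
from pathlib import PureWindowsPath

# OTL file/folder line: [YYYY/MM/DD hh:mm:ss | size | RHSD attrs | C or M] (Company) -- path
# Folders carry no "(Company)" group at all, so that group is optional.
OTL_FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# OTL alternate data stream line
OTL_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

SYSTEM_DIRS = ("c:\\windows",)                       # prefix match, lower-cased (assumption)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd"}


def parse_otl_line(line: str):
    """Return a dict for a file/folder or ADS line, or None for anything else."""
    m = OTL_FILE_RE.match(line.strip())
    if m:
        d = m.groupdict()
        return {"kind": "file", "date": d["date"],
                "size": int(d["size"].replace(",", "")),
                "attrs": d["attrs"], "is_dir": d["attrs"][3] == "D",
                "company": d["company"] or "", "path": d["path"]}
    m = OTL_ADS_RE.match(line.strip())
    if m:
        return {"kind": "ads", "size": int(m["bytes"]), "path": m["path"]}
    return None


def triage(lines):
    """Apply the triage rules; returns a list of (rule, path) tuples."""
    findings = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if rec["kind"] == "ads":
            if rec["size"] > 0:                      # a non-empty stream hidden behind a file/folder
                findings.append(("ads", path))
            continue
        if rec["is_dir"]:
            continue
        if "H" in rec["attrs"] and "S" in rec["attrs"]:   # hidden + system: invisible in Explorer
            findings.append(("hidden_system_file", path))
        ext = PureWindowsPath(path).suffix.lower()
        if path.lower().startswith(SYSTEM_DIRS) and ext in EXEC_EXT and not rec["company"]:
            findings.append(("no_company_in_system_dir", path))
    return findings


# Sample input copied from the OTL log above.
SAMPLE_LINES = [
    r"[2011/10/03 15:37:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2011/10/03 15:37:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2011/09/26 16:23:30 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat",
    r"[2011/10/03 15:36:11 | 000,000,000 | ---D | C] -- C:\ComboFix",
    r"[2011/10/03 16:37:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
    r"[2011/10/05 16:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat",
    r"@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD",
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LINES):
        print(f"{rule:28} {path}")
```

On the lines above the rules flag C:\Windows\MBR.exe, C:\Windows\winstart.bat and the ADS on C:\ProgramData\TEMP. MBR.exe was created one second after SWREG.exe and a minute after the C:\ComboFix folder, so it belongs to the ComboFix tool set and would be allow-listed; the 2-byte RHS winstart.bat is worth a look, but the log alone does not say who wrote it. The rules are prompts for a second look, not verdicts.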

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi jefferyisablob,

Great! This is the cause of all your problems :). Let's fix this. After these steps, test your system for redirection.

Step 1

Re-Run aswMBR

  • Click Scan
  • On completion of the scan
  • Click the Fix button (DO NOT select FIXMBR button)
  • Save the log as before and post in your next reply

Step 2

Please read carefully and follow these steps.

Delete your version of TDSSKiller and download a new one as described below.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Can you please ZIP and attach this file:

C:\Users\Richard Zhou\Desktop\MBR.dat

Step 4

Please don't forget to include these items in your reply:

  • aswMBR log
  • TDSSKiller log
  • attach MBR.dat
It would be helpful if you could post each log in a separate post.
  • 0
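The helper above asks for the 512-byte MBR.dat that aswMBR saved to the Desktop, because the suspected cause is an MBR bootkit (the kind TDSSKiller, "TDSS rootkit removing tool", exists to remove). The following is an added example, not code from aswMBR, TDSSKiller or this thread, showing the checks an analyst applies to such a dump: the 0x55AA boot signature, a hash of the boot code against a baseline taken from a clean machine, partition-table sanity (exactly one active entry, no overlap, nothing past the end of the disk) and unpartitioned space at the tail of the disk, which is where the TDL4 family stores its hidden file system. The boot-code bytes, the 500 GB geometry, the baseline hash and the 2048-sector tail threshold are all constructed for the demonstration.

```python
"""Inspect a 512-byte MBR dump such as the MBR.dat that aswMBR writes."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_END = 0x1B8          # boot code is bytes 0..0x1B7; 4-byte disk signature follows
TABLE_OFFSET = 0x1BE          # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"
TAIL_THRESHOLD = 2048         # trailing free sectors tolerated before flagging (assumption)


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four entries; CHS fields are skipped, LBA start/length is what matters."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def inspect_mbr(mbr: bytes, disk_sectors=None, known_bootcode_sha256=None) -> dict:
    """Run the analyst's checks; an empty 'findings' list means nothing looked odd."""
    findings = []
    if len(mbr) != SECTOR:
        findings.append(f"dump is {len(mbr)} bytes, expected {SECTOR}")
        mbr = mbr[:SECTOR].ljust(SECTOR, b"\0")
    if mbr[510:] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOTCODE_END]).hexdigest()
    if known_bootcode_sha256 and digest != known_bootcode_sha256:
        findings.append("boot code differs from the known-good baseline")
    parts = parse_partition_table(mbr)
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    used = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["type"] == 0:
            if p["lba_start"] or p["sectors"]:
                findings.append(f"entry {p['index']}: type 0 but non-zero extent")
            continue
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"entry {p['index']}: zero start or length")
        used.append(p)
    used.sort(key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if disk_sectors is not None and used:
        end = max(p["lba_start"] + p["sectors"] for p in used)
        tail = disk_sectors - end
        if tail < 0:
            findings.append("partition table extends past the end of the disk")
        elif tail > TAIL_THRESHOLD:
            findings.append(f"{tail} unpartitioned sectors after the last partition")
    return {"partitions": parts, "bootcode_sha256": digest, "findings": findings}


def build_mbr(bootcode: bytes, partitions, disk_sig=b"\x11\x22\x33\x44") -> bytes:
    """Construct a test MBR from boot-code bytes and (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in partitions).ljust(64, b"\0")
    return (bootcode[:BOOTCODE_END].ljust(BOOTCODE_END, b"\0")
            + disk_sig + b"\0\0" + table + MBR_SIGNATURE)


# Constructed test data: the boot-code bytes are stand-ins, not the real Windows loader,
# and the 500 GB geometry (976773168 sectors) is assumed.
DISK_SECTORS = 976773168
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 24
CLEAN_TABLE = [(0x80, 0x07, 2048, 204800),              # "System Reserved"
               (0x00, 0x07, 206848, 976565248)]          # Windows volume, ends 1072 sectors short
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, CLEAN_TABLE)
CLEAN_BASELINE = hashlib.sha256(CLEAN_MBR[:BOOTCODE_END]).hexdigest()   # taken from a clean machine

# Tampered variant: foreign boot code, and the Windows volume shrunk to free 32 MiB at the tail.
INFECTED_MBR = build_mbr(b"\xe9\x00\x01" + b"\xcc" * 8,
                         [CLEAN_TABLE[0], (0x00, 0x07, 206848, 976565248 - 65536)])

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        r = inspect_mbr(dump, DISK_SECTORS, CLEAN_BASELINE)
        print(name, r["bootcode_sha256"][:16], r["findings"] or "no findings")
```

To use it on a real dump, read MBR.dat as bytes and pass the disk's sector count (from the OS or from the disk's own identify data) and a boot-code hash captured from a known-clean install of the same Windows build. The hash comparison is the decisive check; the tail-space rule is a heuristic, since OEM recovery layouts also leave gaps, and the partition-table checks catch the cruder rewrites.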

#13 jefferyisablob (Topic Starter, Member, 13 posts)
16:39:00.0448 5768 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
16:39:01.0133 5768 ============================================================
16:39:01.0133 5768 Current date / time: 2011/10/06 16:39:01.0133
16:39:01.0133 5768 SystemInfo:
16:39:01.0133 5768
16:39:01.0133 5768 OS Version: 6.1.7601 ServicePack: 1.0
16:39:01.0133 5768 Product type: Workstation
16:39:01.0134 5768 ComputerName: RICHARDZHOU-PC
16:39:01.0134 5768 UserName: Richard Zhou
16:39:01.0134 5768 Windows directory: C:\Windows
16:39:01.0134 5768 System windows directory: C:\Windows
16:39:01.0134 5768 Running under WOW64
16:39:01.0134 5768 Processor architecture: Intel x64
16:39:01.0134 5768 Number of processors: 4
16:39:01.0134 5768 Page size: 0x1000
16:39:01.0134 5768 Boot type: Normal boot
16:39:01.0134 5768 ============================================================
16:39:02.0177 5768 Initialize success
16:39:22.0841 1268 ============================================================
16:39:22.0841 1268 Scan started
16:39:22.0841 1268 Mode: Manual;
16:39:22.0841 1268 ============================================================
16:39:23.0745 1268 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:39:23.0748 1268 1394ohci - ok
16:39:23.0783 1268 5U877 (708ccd77b9363f245d9f9ace480824ca) C:\Windows\system32\DRIVERS\5U877.sys
16:39:23.0786 1268 5U877 - ok
16:39:23.0843 1268 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:39:23.0847 1268 ACPI - ok
16:39:23.0866 1268 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:39:23.0866 1268 AcpiPmi - ok
16:39:23.0929 1268 ActionReplayDS (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\ActionReplayDS_x64.sys
16:39:23.0929 1268 ActionReplayDS - ok
16:39:23.0966 1268 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:39:23.0971 1268 adp94xx - ok
16:39:23.0989 1268 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:39:23.0992 1268 adpahci - ok
16:39:24.0021 1268 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:39:24.0022 1268 adpu320 - ok
16:39:24.0080 1268 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:39:24.0086 1268 AFD - ok
16:39:24.0122 1268 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:39:24.0122 1268 agp440 - ok
16:39:24.0148 1268 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:39:24.0149 1268 aliide - ok
16:39:24.0184 1268 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:39:24.0185 1268 amdide - ok
16:39:24.0206 1268 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:39:24.0207 1268 AmdK8 - ok
16:39:24.0222 1268 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:39:24.0223 1268 AmdPPM - ok
16:39:24.0264 1268 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:39:24.0265 1268 amdsata - ok
16:39:24.0292 1268 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:39:24.0293 1268 amdsbs - ok
16:39:24.0314 1268 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:39:24.0314 1268 amdxata - ok
16:39:24.0348 1268 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:39:24.0348 1268 AppID - ok
16:39:24.0383 1268 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:39:24.0383 1268 arc - ok
16:39:24.0404 1268 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:39:24.0405 1268 arcsas - ok
16:39:24.0446 1268 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:39:24.0448 1268 AsyncMac - ok
16:39:24.0479 1268 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:39:24.0480 1268 atapi - ok
16:39:24.0513 1268 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:39:24.0517 1268 b06bdrv - ok
16:39:24.0553 1268 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:39:24.0554 1268 b57nd60a - ok
16:39:24.0578 1268 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:39:24.0579 1268 Beep - ok
16:39:24.0616 1268 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:39:24.0617 1268 blbdrive - ok
16:39:24.0664 1268 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:39:24.0666 1268 bowser - ok
16:39:24.0679 1268 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:39:24.0680 1268 BrFiltLo - ok
16:39:24.0700 1268 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:39:24.0700 1268 BrFiltUp - ok
16:39:24.0728 1268 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:39:24.0731 1268 Brserid - ok
16:39:24.0749 1268 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:39:24.0750 1268 BrSerWdm - ok
16:39:24.0771 1268 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:39:24.0771 1268 BrUsbMdm - ok
16:39:24.0789 1268 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:39:24.0789 1268 BrUsbSer - ok
16:39:24.0854 1268 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:39:24.0856 1268 BthEnum - ok
16:39:24.0887 1268 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:39:24.0887 1268 BTHMODEM - ok
16:39:24.0917 1268 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:39:24.0919 1268 BthPan - ok
16:39:24.0940 1268 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:39:24.0947 1268 BTHPORT - ok
16:39:24.0967 1268 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:39:24.0969 1268 BTHUSB - ok
16:39:25.0000 1268 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
16:39:25.0001 1268 btusbflt - ok
16:39:25.0030 1268 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
16:39:25.0031 1268 btwaudio - ok
16:39:25.0052 1268 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\drivers\btwavdt.sys
16:39:25.0053 1268 btwavdt - ok
16:39:25.0073 1268 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:39:25.0074 1268 btwl2cap - ok
16:39:25.0094 1268 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
16:39:25.0095 1268 btwrchid - ok
16:39:25.0113 1268 catchme - ok
16:39:25.0139 1268 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:39:25.0143 1268 CAXHWAZL - ok
16:39:25.0206 1268 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:39:25.0218 1268 cdfs - ok
16:39:25.0265 1268 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:39:25.0268 1268 cdrom - ok
16:39:25.0305 1268 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:39:25.0306 1268 circlass - ok
16:39:25.0335 1268 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:39:25.0340 1268 CLFS - ok
16:39:25.0377 1268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:39:25.0379 1268 CmBatt - ok
16:39:25.0414 1268 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:39:25.0414 1268 cmdide - ok
16:39:25.0444 1268 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:39:25.0450 1268 CNG - ok
16:39:25.0506 1268 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys
16:39:25.0509 1268 CnxtHdAudService - ok
16:39:25.0532 1268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:39:25.0533 1268 Compbatt - ok
16:39:25.0566 1268 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:39:25.0567 1268 CompositeBus - ok
16:39:25.0595 1268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:39:25.0595 1268 crcdisk - ok
16:39:25.0651 1268 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:39:25.0658 1268 CSC - ok
16:39:25.0714 1268 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:39:25.0717 1268 DfsC - ok
16:39:25.0740 1268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:39:25.0742 1268 discache - ok
16:39:25.0773 1268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:39:25.0773 1268 Disk - ok
16:39:25.0818 1268 DKRtWrt (0172038dabf0df25b2d95cd886b8aa56) C:\Windows\system32\DRIVERS\DKRtWrt.sys
16:39:25.0819 1268 DKRtWrt - ok
16:39:25.0867 1268 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:39:25.0868 1268 drmkaud - ok
16:39:25.0884 1268 dump_wmimmc - ok
16:39:25.0928 1268 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:39:25.0932 1268 DXGKrnl - ok
16:39:25.0963 1268 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys
16:39:25.0964 1268 DzHDD64 - ok
16:39:26.0004 1268 e1kexpress (3fac023e44bcae77e62770f8fd476a2a) C:\Windows\system32\DRIVERS\e1k62x64.sys
16:39:26.0006 1268 e1kexpress - ok
16:39:26.0054 1268 EagleX64 - ok
16:39:26.0138 1268 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:39:26.0232 1268 ebdrv - ok
16:39:26.0327 1268 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:39:26.0329 1268 eeCtrl - ok
16:39:26.0426 1268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:39:26.0432 1268 elxstor - ok
16:39:26.0472 1268 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:39:26.0472 1268 EraserUtilRebootDrv - ok
16:39:26.0504 1268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:39:26.0505 1268 ErrDev - ok
16:39:26.0540 1268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:39:26.0555 1268 exfat - ok
16:39:26.0577 1268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:39:26.0600 1268 fastfat - ok
16:39:26.0641 1268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:39:26.0642 1268 fdc - ok
16:39:26.0680 1268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:39:26.0680 1268 FileInfo - ok
16:39:26.0698 1268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:39:26.0712 1268 Filetrace - ok
16:39:26.0735 1268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:39:26.0736 1268 flpydisk - ok
16:39:26.0768 1268 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:39:26.0772 1268 FltMgr - ok
16:39:26.0828 1268 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:39:26.0837 1268 FsDepends - ok
16:39:26.0857 1268 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:39:26.0857 1268 Fs_Rec - ok
16:39:26.0885 1268 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:39:26.0886 1268 fvevol - ok
16:39:26.0918 1268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:39:26.0918 1268 gagp30kx - ok
16:39:26.0959 1268 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:39:26.0960 1268 GEARAspiWDM - ok
16:39:27.0020 1268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:39:27.0020 1268 hcw85cir - ok
16:39:27.0070 1268 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:39:27.0072 1268 HdAudAddService - ok
16:39:27.0107 1268 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:39:27.0108 1268 HDAudBus - ok
16:39:27.0130 1268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:39:27.0130 1268 HidBatt - ok
16:39:27.0152 1268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:39:27.0154 1268 HidBth - ok
16:39:27.0175 1268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:39:27.0176 1268 HidIr - ok
16:39:27.0225 1268 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:39:27.0227 1268 HidUsb - ok
16:39:27.0275 1268 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:39:27.0276 1268 HpSAMD - ok
16:39:27.0331 1268 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:39:27.0357 1268 HSF_DPV - ok
16:39:27.0401 1268 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:39:27.0431 1268 HTTP - ok
16:39:27.0476 1268 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:39:27.0477 1268 hwpolicy - ok
16:39:27.0513 1268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:39:27.0516 1268 i8042prt - ok
16:39:27.0589 1268 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:39:27.0593 1268 iaStorV - ok
16:39:27.0622 1268 IBMPMDRV (16a43abb5a334c7842f4a60cf9ff8041) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:39:27.0623 1268 IBMPMDRV - ok
16:39:27.0651 1268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:39:27.0652 1268 iirsp - ok
16:39:27.0713 1268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:39:27.0713 1268 intelide - ok
16:39:27.0786 1268 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:39:27.0789 1268 intelppm - ok
16:39:27.0843 1268 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:27.0844 1268 IpFilterDriver - ok
16:39:27.0961 1268 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:39:27.0962 1268 IPMIDRV - ok
16:39:27.0994 1268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:39:27.0994 1268 IPNAT - ok
16:39:28.0032 1268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:39:28.0033 1268 IRENUM - ok
16:39:28.0049 1268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:39:28.0049 1268 isapnp - ok
16:39:28.0077 1268 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:39:28.0078 1268 iScsiPrt - ok
16:39:28.0104 1268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:39:28.0105 1268 kbdclass - ok
16:39:28.0138 1268 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:39:28.0138 1268 kbdhid - ok
16:39:28.0216 1268 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:39:28.0217 1268 KSecDD - ok
16:39:28.0296 1268 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:39:28.0297 1268 KSecPkg - ok
16:39:28.0332 1268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:39:28.0333 1268 ksthunk - ok
16:39:37.0560 1268 ============================================================
16:39:37.0560 1268 Scan finished
16:39:37.0560 1268 ============================================================
16:39:37.0566 4280 Detected object count: 0
16:39:37.0566 4280 Actual detected object count: 0
16:40:03.0768 5584 ============================================================
16:40:03.0768 5584 Scan started
16:40:03.0768 5584 Mode: Manual;
16:40:03.0768 5584 ============================================================
16:40:06.0617 5584 gagp30kx - ok
16:40:06.0658 5584 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:40:06.0658 5584 GEARAspiWDM - ok
16:40:06.0685 5584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:40:06.0685 5584 hcw85cir - ok
16:40:06.0719 5584 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:40:06.0720 5584 HdAudAddService - ok
16:40:06.0747 5584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:40:06.0748 5584 HDAudBus - ok
16:40:06.0770 5584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:40:06.0770 5584 HidBatt - ok
16:40:06.0793 5584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:40:06.0793 5584 HidBth - ok
16:40:06.0824 5584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:40:06.0824 5584 HidIr - ok
16:40:06.0858 5584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:40:06.0858 5584 HidUsb - ok
16:40:06.0891 5584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:40:06.0891 5584 HpSAMD - ok
16:40:06.0987 5584 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:40:06.0993 5584 HSF_DPV - ok
16:40:07.0042 5584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:40:07.0045 5584 HTTP - ok
16:40:07.0076 5584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:40:07.0076 5584 hwpolicy - ok
16:40:07.0112 5584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:40:07.0113 5584 i8042prt - ok
16:40:07.0154 5584 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:40:07.0156 5584 iaStorV - ok
16:40:07.0180 5584 IBMPMDRV (16a43abb5a334c7842f4a60cf9ff8041) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:40:07.0180 5584 IBMPMDRV - ok
16:40:07.0201 5584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:40:07.0201 5584 iirsp - ok
16:40:07.0221 5584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:40:07.0221 5584 intelide - ok
16:40:07.0237 5584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:40:07.0237 5584 intelppm - ok
16:40:07.0269 5584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:40:07.0270 5584 IpFilterDriver - ok
16:40:07.0304 5584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:40:07.0305 5584 IPMIDRV - ok
16:40:07.0320 5584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:40:07.0321 5584 IPNAT - ok
16:40:07.0342 5584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:40:07.0343 5584 IRENUM - ok
16:40:07.0359 5584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:40:07.0360 5584 isapnp - ok
16:40:07.0387 5584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:40:07.0389 5584 iScsiPrt - ok
16:40:07.0406 5584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:40:07.0407 5584 kbdclass - ok
16:40:07.0431 5584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:40:07.0432 5584 kbdhid - ok
16:40:07.0460 5584 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:40:07.0461 5584 KSecDD - ok
16:40:07.0490 5584 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:40:07.0491 5584 KSecPkg - ok
16:40:07.0518 5584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:40:07.0519 5584 ksthunk - ok
16:40:07.0555 5584 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
16:40:07.0555 5584 lenovo.smi - ok
16:40:07.0580 5584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:40:07.0581 5584 lltdio - ok
16:40:07.0604 5584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:40:07.0605 5584 LSI_FC - ok
16:40:07.0626 5584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:40:07.0627 5584 LSI_SAS - ok
16:40:07.0645 5584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:40:07.0646 5584 LSI_SAS2 - ok
16:40:07.0668 5584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:40:07.0669 5584 LSI_SCSI - ok
16:40:07.0689 5584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:40:07.0690 5584 luafv - ok
16:40:07.0725 5584 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:40:07.0725 5584 mdmxsdk - ok
16:40:07.0741 5584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:40:07.0742 5584 megasas - ok
16:40:07.0762 5584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:40:07.0763 5584 MegaSR - ok
16:40:07.0789 5584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:40:07.0789 5584 Modem - ok
16:40:07.0822 5584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:40:07.0822 5584 monitor - ok
16:40:07.0859 5584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:40:07.0860 5584 mouclass - ok
16:40:07.0879 5584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:40:07.0879 5584 mouhid - ok
16:40:07.0910 5584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:40:07.0911 5584 mountmgr - ok
16:40:07.0927 5584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:40:07.0928 5584 mpio - ok
16:40:07.0949 5584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:40:07.0950 5584 mpsdrv - ok
16:40:07.0981 5584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:40:07.0982 5584 MRxDAV - ok
16:40:08.0019 5584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:40:08.0020 5584 mrxsmb - ok
16:40:08.0049 5584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:40:08.0050 5584 mrxsmb10 - ok
16:40:08.0068 5584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:40:08.0069 5584 mrxsmb20 - ok
16:40:08.0084 5584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:40:08.0085 5584 msahci - ok
16:40:08.0100 5584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:40:08.0101 5584 msdsm - ok
16:40:08.0124 5584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:40:08.0125 5584 Msfs - ok
16:40:08.0142 5584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:40:08.0142 5584 mshidkmdf - ok
16:40:08.0164 5584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:40:08.0164 5584 msisadrv - ok
16:40:08.0191 5584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:40:08.0192 5584 MSKSSRV - ok
16:40:08.0203 5584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:40:08.0203 5584 MSPCLOCK - ok
16:40:08.0234 5584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:40:08.0235 5584 MSPQM - ok
16:40:08.0272 5584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:40:08.0273 5584 MsRPC - ok
16:40:08.0290 5584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:40:08.0291 5584 mssmbios - ok
16:40:08.0314 5584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:40:08.0315 5584 MSTEE - ok
16:40:08.0334 5584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:40:08.0335 5584 MTConfig - ok
16:40:08.0354 5584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:40:08.0354 5584 Mup - ok
16:40:08.0390 5584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:40:08.0392 5584 NativeWifiP - ok
16:40:08.0464 5584 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111005.033\ENG64.SYS
16:40:08.0465 5584 NAVENG - ok
16:40:08.0509 5584 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111005.033\EX64.SYS
16:40:08.0517 5584 NAVEX15 - ok
16:40:08.0568 5584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:40:08.0572 5584 NDIS - ok
16:40:08.0591 5584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:40:08.0591 5584 NdisCap - ok
16:40:08.0613 5584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:40:08.0613 5584 NdisTapi - ok
16:40:08.0647 5584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:40:08.0647 5584 Ndisuio - ok
16:40:08.0679 5584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:40:08.0680 5584 NdisWan - ok
16:40:08.0710 5584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:40:08.0711 5584 NDProxy - ok
16:40:08.0724 5584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:40:08.0725 5584 NetBIOS - ok
16:40:08.0761 5584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:40:08.0762 5584 NetBT - ok
16:40:08.0907 5584 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:40:08.0938 5584 NETwNs64 - ok
16:40:08.0969 5584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:40:08.0969 5584 nfrd960 - ok
16:40:08.0982 5584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:40:08.0983 5584 Npfs - ok
16:40:08.0993 5584 NPPTNT2 - ok
16:40:09.0021 5584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:40:09.0021 5584 nsiproxy - ok
16:40:09.0080 5584 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:40:09.0086 5584 Ntfs - ok
16:40:09.0109 5584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:40:09.0110 5584 Null - ok
16:40:09.0137 5584 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
16:40:09.0138 5584 NVHDA - ok
16:40:09.0342 5584 nvlddmkm (6ef8c7a051804570000670800f6174fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:40:09.0392 5584 nvlddmkm - ok
16:40:09.0425 5584 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:40:09.0426 5584 nvraid - ok
16:40:09.0447 5584 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:40:09.0448 5584 nvstor - ok
16:40:09.0487 5584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:40:09.0488 5584 nv_agp - ok
16:40:09.0513 5584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:40:09.0513 5584 ohci1394 - ok
16:40:09.0537 5584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:40:09.0538 5584 Parport - ok
16:40:09.0569 5584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:40:09.0570 5584 partmgr - ok
16:40:09.0596 5584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:40:09.0597 5584 pci - ok
16:40:09.0613 5584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:40:09.0613 5584 pciide - ok
16:40:09.0636 5584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:40:09.0637 5584 pcmcia - ok
16:40:09.0659 5584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:40:09.0660 5584 pcw - ok
16:40:09.0684 5584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:40:09.0687 5584 PEAUTH - ok
16:40:09.0740 5584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:40:09.0741 5584 PptpMiniport - ok
16:40:09.0757 5584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:40:09.0757 5584 Processor - ok
16:40:09.0786 5584 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
16:40:09.0787 5584 psadd - ok
16:40:09.0819 5584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:40:09.0820 5584 Psched - ok
16:40:09.0862 5584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:40:09.0868 5584 ql2300 - ok
16:40:09.0895 5584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:40:09.0896 5584 ql40xx - ok
16:40:09.0913 5584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:40:09.0914 5584 QWAVEdrv - ok
16:40:09.0934 5584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:40:09.0934 5584 RasAcd - ok
16:40:09.0963 5584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:40:09.0964 5584 RasAgileVpn - ok
16:40:09.0998 5584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:40:09.0999 5584 Rasl2tp - ok
16:40:10.0025 5584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:40:10.0026 5584 RasPppoe - ok
16:40:10.0044 5584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:40:10.0045 5584 RasSstp - ok
16:40:10.0083 5584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:40:10.0085 5584 rdbss - ok
16:40:10.0102 5584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:40:10.0102 5584 rdpbus - ok
16:40:10.0121 5584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:40:10.0122 5584 RDPCDD - ok
16:40:10.0154 5584 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:40:10.0155 5584 RDPDR - ok
16:40:10.0165 5584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:40:10.0166 5584 RDPENCDD - ok
16:40:10.0189 5584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:40:10.0190 5584 RDPREFMP - ok
16:40:10.0224 5584 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:40:10.0225 5584 RdpVideoMiniport - ok
16:40:10.0255 5584 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:40:10.0256 5584 RDPWD - ok
16:40:10.0284 5584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:40:10.0285 5584 rdyboost - ok
16:40:10.0313 5584 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:40:10.0314 5584 RFCOMM - ok
16:40:10.0340 5584 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
16:40:10.0340 5584 rimspci - ok
16:40:10.0360 5584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:40:10.0360 5584 rspndr - ok
16:40:10.0385 5584 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:40:10.0386 5584 s3cap - ok
16:40:10.0422 5584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:40:10.0422 5584 sbp2port - ok
16:40:10.0453 5584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:40:10.0454 5584 scfilter - ok
16:40:10.0473 5584 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:40:10.0474 5584 sdbus - ok
16:40:10.0495 5584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:40:10.0495 5584 secdrv - ok
16:40:10.0521 5584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:40:10.0521 5584 Serenum - ok
16:40:10.0542 5584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:40:10.0543 5584 Serial - ok
16:40:10.0573 5584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:40:10.0574 5584 sermouse - ok
16:40:10.0596 5584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:40:10.0596 5584 sffdisk - ok
16:40:10.0613 5584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:40:10.0614 5584 sffp_mmc - ok
16:40:10.0629 5584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:40:10.0630 5584 sffp_sd - ok
16:40:10.0664 5584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:40:10.0665 5584 sfloppy - ok
16:40:10.0704 5584 Shockprf (29e316de2c0261c30c08f872032c53a2) C:\Windows\system32\DRIVERS\Apsx64.sys
16:40:10.0705 5584 Shockprf - ok
16:40:10.0720 5584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:40:10.0720 5584 SiSRaid2 - ok
16:40:10.0740 5584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:40:10.0741 5584 SiSRaid4 - ok
16:40:10.0767 5584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:40:10.0768 5584 Smb - ok
16:40:10.0816 5584 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
16:40:10.0816 5584 smihlp - ok
16:40:10.0841 5584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:40:10.0841 5584 spldr - ok
16:40:10.0877 5584 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\Windows\system32\Drivers\SRTSP64.SYS
16:40:10.0879 5584 SRTSP - ok
16:40:10.0906 5584 SRTSPL (b0304f6120848db7d7709843e2294705) C:\Windows\system32\Drivers\SRTSPL64.SYS
16:40:10.0908 5584 SRTSPL - ok
16:40:10.0929 5584 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\Windows\system32\Drivers\SRTSPX64.SYS
16:40:10.0930 5584 SRTSPX - ok
16:40:10.0962 5584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:40:10.0964 5584 srv - ok
16:40:11.0000 5584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:40:11.0002 5584 srv2 - ok
16:40:11.0040 5584 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:40:11.0041 5584 SrvHsfHDA - ok
16:40:11.0075 5584 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:40:11.0082 5584 SrvHsfV92 - ok
16:40:11.0113 5584 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:40:11.0116 5584 SrvHsfWinac - ok
16:40:11.0160 5584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:40:11.0161 5584 srvnet - ok
16:40:11.0191 5584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:40:11.0192 5584 stexstor - ok
16:40:11.0221 5584 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:40:11.0221 5584 storflt - ok
16:40:11.0258 5584 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:40:11.0259 5584 storvsc - ok
16:40:11.0289 5584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:40:11.0290 5584 swenum - ok
16:40:11.0327 5584 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:40:11.0328 5584 SymEvent - ok
16:40:11.0336 5584 Synth3dVsc - ok
16:40:11.0383 5584 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
16:40:11.0389 5584 SynTP - ok
16:40:11.0456 5584 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:40:11.0464 5584 Tcpip - ok
16:40:11.0505 5584 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:40:11.0513 5584 TCPIP6 - ok
16:40:11.0547 5584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:40:11.0548 5584 tcpipreg - ok
16:40:11.0567 5584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:40:11.0568 5584 TDPIPE - ok
16:40:11.0581 5584 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:40:11.0582 5584 TDTCP - ok
16:40:11.0614 5584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:40:11.0615 5584 tdx - ok
16:40:11.0633 5584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:40:11.0634 5584 TermDD - ok
16:40:11.0665 5584 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
16:40:11.0665 5584 TIEHDUSB - ok
16:40:11.0696 5584 TPDIGIMN (8b359a7f4c715b84c76de3c5167797c5) C:\Windows\system32\DRIVERS\ApsHM64.sys
16:40:11.0696 5584 TPDIGIMN - ok
16:40:11.0725 5584 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
16:40:11.0726 5584 TPM - ok
16:40:11.0751 5584 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
16:40:11.0751 5584 TPPWRIF - ok
16:40:11.0789 5584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:40:11.0790 5584 tssecsrv - ok
16:40:11.0820 5584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:40:11.0820 5584 TsUsbFlt - ok
16:40:11.0830 5584 tsusbhub - ok
16:40:11.0870 5584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:40:11.0871 5584 tunnel - ok
16:40:11.0899 5584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:40:11.0900 5584 uagp35 - ok
16:40:11.0939 5584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:40:11.0941 5584 udfs - ok
16:40:11.0977 5584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:40:11.0978 5584 uliagpkx - ok
16:40:12.0006 5584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:40:12.0007 5584 umbus - ok
16:40:12.0029 5584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:40:12.0029 5584 UmPass - ok
16:40:12.0061 5584 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
16:40:12.0062 5584 USBAAPL64 - ok
16:40:12.0092 5584 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:40:12.0093 5584 usbccgp - ok
16:40:12.0129 5584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:40:12.0130 5584 usbcir - ok
16:40:12.0161 5584 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:40:12.0162 5584 usbehci - ok
16:40:12.0200 5584 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:40:12.0202 5584 usbhub - ok
16:40:12.0221 5584 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:40:12.0221 5584 usbohci - ok
16:40:12.0245 5584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:40:12.0245 5584 usbprint - ok
16:40:12.0269 5584 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:40:12.0270 5584 USBSTOR - ok
16:40:12.0288 5584 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:40:12.0289 5584 usbuhci - ok
16:40:12.0307 5584 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:40:12.0309 5584 usbvideo - ok
16:40:12.0332 5584 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:40:12.0333 5584 usb_rndisx - ok
16:40:12.0362 5584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:40:12.0362 5584 vdrvroot - ok
16:40:12.0386 5584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:40:12.0386 5584 vga - ok
16:40:12.0408 5584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:40:12.0409 5584 VgaSave - ok
16:40:12.0418 5584 VGPU - ok
16:40:12.0458 5584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:40:12.0459 5584 vhdmp - ok
16:40:12.0487 5584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:40:12.0488 5584 viaide - ok
16:40:12.0523 5584 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:40:12.0524 5584 vmbus - ok
16:40:12.0555 5584 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:40:12.0556 5584 VMBusHID - ok
16:40:12.0592 5584 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
16:40:12.0594 5584 vmm - ok
16:40:12.0627 5584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:40:12.0628 5584 volmgr - ok
16:40:12.0662 5584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:40:12.0664 5584 volmgrx - ok
16:40:12.0685 5584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:40:12.0686 5584 volsnap - ok
16:40:12.0708 5584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:40:12.0709 5584 vsmraid - ok
16:40:12.0727 5584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:40:12.0727 5584 vwifibus - ok
16:40:12.0744 5584 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:40:12.0745 5584 vwififlt - ok
16:40:12.0763 5584 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:40:12.0764 5584 vwifimp - ok
16:40:12.0788 5584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:40:12.0789 5584 WacomPen - ok
16:40:12.0813 5584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:40:12.0814 5584 WANARP - ok
16:40:12.0817 5584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:40:12.0818 5584 Wanarpv6 - ok
16:40:12.0864 5584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:40:12.0864 5584 Wd - ok
16:40:12.0888 5584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:40:12.0891 5584 Wdf01000 - ok
16:40:12.0914 5584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:40:12.0915 5584 WfpLwf - ok
16:40:12.0932 5584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:40:12.0933 5584 WIMMount - ok
16:40:12.0969 5584 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:40:12.0972 5584 winachsf - ok
16:40:13.0010 5584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\winusb.sys
16:40:13.0011 5584 WinUsb - ok
16:40:13.0043 5584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:40:13.0044 5584 WmiAcpi - ok
16:40:13.0069 5584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:40:13.0069 5584 ws2ifsl - ok
16:40:13.0113 5584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:40:13.0114 5584 WudfPf - ok
16:40:13.0137 5584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:40:13.0138 5584 WUDFRd - ok
16:40:13.0159 5584 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
16:40:13.0160 5584 XAudio - ok
16:40:13.0178 5584 MBR (0x1B8) (1ae08dc26e9ddcea477187f2a31dacdf) \Device\Harddisk0\DR0
16:40:13.0185 5584 \Device\Harddisk0\DR0 - ok
16:40:13.0188 5584 Boot (0x1200) (8d1644ad6ec4e856b97b80bf649d876e) \Device\Harddisk0\DR0\Partition0
16:40:13.0189 5584 \Device\Harddisk0\DR0\Partition0 - ok
16:40:13.0203 5584 Boot (0x1200) (018dd5cf3e9fdf8b95ce3bbc6317ef60) \Device\Harddisk0\DR0\Partition1
16:40:13.0205 5584 \Device\Harddisk0\DR0\Partition1 - ok
16:40:13.0222 5584 Boot (0x1200) (e4f0529cd854d31eca24150b9cf59dc5) \Device\Harddisk0\DR0\Partition2
16:40:13.0224 5584 \Device\Harddisk0\DR0\Partition2 - ok
16:40:13.0245 5584 Boot (0x1200) (4ef0b69f87c944cb82346746eac1c7ad) \Device\Harddisk0\DR0\Partition3
16:40:13.0247 5584 \Device\Harddisk0\DR0\Partition3 - ok
16:40:13.0247 5584 ============================================================
16:40:13.0247 5584 Scan finished
16:40:13.0247 5584 ============================================================
16:40:13.0253 5732 Detected object count: 0
16:40:13.0253 5732 Actual detected object count: 0

#14 jefferyisablob (Topic Starter)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-06 16:30:37
-----------------------------
16:30:37.238 OS Version: Windows x64 6.1.7601 Service Pack 1
16:30:37.238 Number of processors: 4 586 0x2502
16:30:37.239 ComputerName: RICHARDZHOU-PC UserName: Richard Zhou
16:30:40.193 Initialize success
16:30:50.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:30:50.264 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
16:30:52.315 Disk 0 MBR read successfully
16:30:52.317 Disk 0 MBR scan
16:30:52.319 Disk 0 TDL4@MBR code has been found
16:30:52.321 Disk 0 MBR hidden
16:30:52.324 Disk 0 MBR [TDL4] **ROOTKIT**
16:30:52.327 Disk 0 trace - called modules:
16:30:52.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800349d254]<<
16:30:52.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003481060]
16:30:52.337 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa80031ff520]
16:30:52.340 5 ACPI.sys[fffff88000f637a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80031fb680]
16:30:52.344 \Driver\atapi[0xfffffa80031e8a20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800349d254
16:30:52.348 Scan finished successfully
16:31:08.153 Disk 0 MBR read successfully
16:31:08.158 Disk 0 TDL4@MBR code has been found
16:31:08.162 Disk 0 fixing MBR ...
16:31:18.167 Disk 0 MBR restored successfully
16:31:18.272 Verifying disinfection
16:31:30.276 Infection fixed successfully - please reboot ASAP
16:31:55.385 Disk 0 MBR has been saved successfully to "C:\Users\Richard Zhou\Desktop\MBR.dat"
16:31:55.391 The log file has been saved successfully to "C:\Users\Richard Zhou\Desktop\aswMBR1.txt"

#15 jefferyisablob (Topic Starter)
Thank you, it seems like things have been fixed! So far, no redirection, and I'm not having trouble loading Facebook log-ins or any other HTTPS pages. In a few hours, I'll give another update on whether any of the old problems have come back.