Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Running Slow and Nothing is Working [Closed]

Started by Slayer21 , Oct 03 2011 04:02 PM

  • This topic is locked This topic is locked

#1
Slayer21
Posted 03 October 2011 - 04:02 PM

Slayer21

    Member

  • Member
  • PipPipPip
  • 198 posts
Many programs are freezing such as the OTL program at the Drive Info part. My DVD Drive won't open anymore and if I right click it to eject it, Windows Explorer freezes. iTunes and many other programs won't even load up. Everything has been acting weird. My AntiVir Premium, Malwarebytes, and Windows System Defender do not find anything. I am really starting to think that I have a virus or bug.

I managed to get HijackThis to work since OTL kept freezing on me:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:02:21 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Chris Reaper\Downloads\OTL.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastBootAgent - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Nortel VPN Client (NvcSvcMgr) - Nortel Networks - C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14259 bytes

OTL was working
OTL Extras logfile created on: 10/3/2011 6:59:29 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Chris Reaper\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.41% Memory free
7.93 Gb Paging File | 5.48 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 114.78 Gb Free Space | 40.50% Space Free | Partition Type: NTFS

Computer Name: CHRISREAPER-PC | User Name: Chris Reaper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{2D290715-B0FC-3898-9247-62F803A585DF}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48A7B11D-C3E1-3BEE-AF6C-8976F6E705A6}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EC5CF64-2E59-411D-0504-420091001102}" = Nortel VPN Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F4330A8B-3610-4483-975E-69789B70A764}" = HP Photosmart Plus B210 series Basic Device Software
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959)
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2995259E-05BE-4C9A-B58E-B9491B878CB2}" = SBP2 Filter
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A7FA717-F5B9-4303-9866-F1C16F90482E}" = Bradford Persistent Agent
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7DD13BB4-8F1A-7648-C0FC-CFF679B9297A}" = Livescribe Connect
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.315
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F43120F7-7DBF-4E10-BC9B-193A3350AAF5}_is1" = Password Unlocker Bundle 6.0.0.6
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"com.livescribe.LivescribeConnect" = Livescribe Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HD Tune Pro_is1" = HD Tune Pro 4.60
"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"JDownloader" = JDownloader
"KeyNote_is1" = KeyNote 1.6.5
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Livescribe Desktop 2.7" = Livescribe Desktop
"LynxMessenger" = LynxMessenger
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"ManyCam" = ManyCam 2.6.55 (remove only)
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Notepad++" = Notepad++
"Pharos" = Pharos
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TransMac_is1" = TransMac version 8.1
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"XPort 360_is1" = XPort 360

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2011 12:34:50 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/19/2011 12:38:21 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 9/19/2011 9:52:38 AM | Computer Name = ChrisReaper-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 9/19/2011 9:52:38 AM | Computer Name = ChrisReaper-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 9/20/2011 12:35:00 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/20/2011 12:38:12 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 9/21/2011 12:34:58 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/21/2011 12:38:15 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 9/22/2011 12:34:51 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/22/2011 12:38:13 AM | Computer Name = ChrisReaper-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

[ System Events ]
Error - 10/3/2011 6:35:21 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:41:22 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:44:23 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:47:27 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:53:28 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:59:29 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 6:59:43 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 7:02:48 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 7:08:49 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/3/2011 7:11:50 PM | Computer Name = ChrisReaper-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

Edited by Slayer21, 03 October 2011 - 06:08 PM.

  • 0

Advertisements

#2
Slayer21
Posted 03 October 2011 - 07:07 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
Also, my settings keep changing on my track pad and such on this laptop. They keep changing a lot. This computer takes forever to boot now too. 5+ mins when it used to take under 1 min.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7859

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/3/2011 9:07:07 PM
mbam-log-2011-10-03 (21-07-07).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 505159
Time elapsed: 2 hour(s), 47 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Slayer21, 04 October 2011 - 10:47 AM.

  • 0

#3
Slayer21
Posted 06 October 2011 - 07:08 AM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
Now, my desktop freezes, I cannot click anything on it. I quit explorer and restart it and it still is that way. This is just getting worse and worse for me. I want my laptop back for college and its not looking too good for me. Also, it thinks there is a CD, i do a manual eject and it still thinks there is a CD. I cannot get to any of my restore points and it won't read a recovery disc or anything. Please help ASAP!

Edited by Slayer21, 06 October 2011 - 10:37 AM.

  • 0

#4
eddie5659
Posted 16 October 2011 - 12:43 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hiya

Firstly, can you uninstall this via AddRemove Programs:

Ask Toolbar


Then, see if you can run Combofix for me:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
  • 0

#5
Slayer21
Posted 16 October 2011 - 06:06 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
ComboFix 11-10-16.02 - Chris Reaper 10/16/2011 19:40:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1714 [GMT -4:00]
Running from: c:\users\Chris Reaper\Desktop\username123.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Chris Reaper\AppData\Roaming\inst.exe
c:\users\Chris Reaper\AppData\Roaming\vso_ts_preview.xml
c:\users\Chris Reaper\Documents\~WRL0003.tmp
c:\windows\iun6002.exe
c:\windows\UA000080.DLL
c:\windows\UA000106.DLL
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 23:57 . 2011-10-16 23:57 -------- d-----w- c:\users\Mcx1-CHRISREAPER-PC\AppData\Local\temp
2011-10-16 23:57 . 2011-10-16 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 16:28 . 2011-10-16 16:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E6308B7-A9DD-4C0E-AA6A-F855EA7A095A}\offreg.dll
2011-10-16 16:27 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E6308B7-A9DD-4C0E-AA6A-F855EA7A095A}\mpengine.dll
2011-10-15 13:16 . 2011-10-15 13:16 -------- d-----w- c:\users\Chris Reaper\AppData\Local\Apps
2011-10-13 16:35 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 16:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 16:35 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 16:35 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 16:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 16:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 16:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 16:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 16:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 12:33 . 2011-10-13 12:33 -------- d-----w- c:\program files\iPod
2011-10-13 12:33 . 2011-10-13 12:34 -------- d-----w- c:\program files\iTunes
2011-10-13 12:33 . 2011-10-13 12:34 -------- d-----w- c:\program files (x86)\iTunes
2011-10-13 12:30 . 2011-10-13 12:30 -------- d-----w- c:\program files\Bonjour
2011-10-13 12:30 . 2011-10-13 12:30 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-11 16:54 . 2004-08-10 04:42 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2011-10-11 16:54 . 2011-10-11 16:54 -------- d-----w- c:\program files (x86)\Brownie
2011-10-11 16:53 . 2011-10-11 16:54 -------- d-----w- c:\program files (x86)\Brother
2011-10-11 16:53 . 2009-12-02 15:37 200704 ------w- c:\windows\SysWow64\Pdrvinst.dll
2011-10-11 16:53 . 2009-05-20 15:00 111928 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2011-10-11 16:53 . 2007-01-15 15:00 24223 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2011-10-11 16:53 . 2006-12-21 15:23 176128 ------w- c:\windows\SysWow64\BROSNMP.DLL
2011-10-11 13:37 . 2011-10-11 13:37 -------- d-----w- c:\users\Chris Reaper\AppData\Roaming\Avira
2011-10-11 13:35 . 2011-10-11 13:29 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:35 . 2011-10-11 13:29 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:35 . 2011-10-11 13:29 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-11 13:35 . 2011-10-11 13:36 -------- d-----w- c:\programdata\Avira
2011-10-11 13:35 . 2011-10-11 13:35 -------- d-----w- c:\program files (x86)\Avira
2011-10-11 13:25 . 2011-10-11 13:25 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6156AFFE-6922-4833-B054-7CF6A427C05F}\gapaengine.dll
2011-10-10 15:09 . 2011-10-10 15:09 4550304 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-08 13:31 . 2011-10-08 13:32 -------- d-----w- c:\program files (x86)\Google
2011-10-08 13:31 . 2011-10-08 13:31 -------- d-----w- c:\users\Chris Reaper\AppData\Local\Google
2011-10-06 16:53 . 2011-10-11 17:10 -------- d-----w- c:\users\Chris Reaper\AppData\Local\ElevatedDiagnostics
2011-10-04 14:48 . 2011-10-04 14:48 -------- d-----w- c:\windows\system32\Macromed
2011-10-04 00:52 . 2011-10-04 00:52 -------- d-----w- c:\users\Chris Reaper\AppData\Local\CrashDumps
2011-10-03 21:54 . 2011-10-03 21:54 388096 ----a-r- c:\users\Chris Reaper\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-03 21:54 . 2011-10-03 21:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Chris Reaper\AppData\Local\PrimoPDFContent
2011-10-03 02:12 . 2011-10-03 02:43 -------- d-----w- c:\users\Chris Reaper\AppData\Roaming\PrimoPDF
2011-10-03 02:11 . 2011-06-21 22:56 17200 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-03 02:11 . 2011-06-21 22:56 28976 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-10-03 02:10 . 2011-10-03 21:17 -------- d-----w- c:\users\Chris Reaper\AppData\Local\OpenCandy
2011-10-03 02:10 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2011-10-03 02:10 . 2011-10-03 02:10 -------- d-----w- c:\users\Chris Reaper\AppData\Roaming\OpenCandy
2011-10-03 02:10 . 2011-10-03 03:00 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-09-28 18:36 . 2011-09-28 18:36 -------- d-----w- c:\program files\Microsoft SQL Server
2011-09-28 18:35 . 2011-09-28 18:35 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-28 18:33 . 2011-09-28 18:33 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-09-28 18:28 . 2011-09-28 18:28 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2011-09-28 18:27 . 2011-09-28 18:27 -------- d-----w- c:\program files\IIS
2011-09-28 18:27 . 2011-09-28 18:27 -------- d-----w- c:\program files (x86)\IIS
2011-09-28 18:27 . 2011-10-09 22:51 2136512 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-09-28 18:16 . 2011-09-28 18:16 -------- d-----w- c:\windows\SysWow64\1033
2011-09-28 18:15 . 2011-09-28 18:22 -------- d-----w- c:\program files (x86)\Microsoft F#
2011-09-28 18:15 . 2011-09-28 18:19 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2011-09-28 18:14 . 2011-10-09 22:46 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2011-09-28 18:06 . 2011-09-28 18:06 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2011-09-28 18:05 . 2011-09-28 18:05 -------- d-----w- c:\windows\system32\1033
2011-09-28 18:05 . 2011-09-28 18:35 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-09-28 18:05 . 2011-09-28 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-09-23 16:27 . 2011-09-23 16:27 -------- d-----w- c:\users\Chris Reaper\AppData\Local\Nortel
2011-09-23 16:27 . 2011-09-23 16:27 -------- d-----w- c:\programdata\Nortel
2011-09-23 16:27 . 2011-09-23 16:27 -------- d-----w- c:\program files (x86)\Nortel
2011-09-23 16:26 . 2008-05-17 03:11 751616 ----atw- c:\windows\system32\PSRA069F.DLL
2011-09-23 16:26 . 2008-05-17 03:12 109568 ----a-w- c:\windows\SysWow64\MadCHook.dll
2011-09-23 16:25 . 2011-09-23 16:26 -------- d-----w- c:\program files (x86)\Pharos
2011-09-23 16:25 . 2011-10-04 01:05 -------- d-----w- C:\Temp
2011-09-22 18:00 . 2011-09-22 18:00 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-09-22 18:00 . 2011-09-22 18:00 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-09-22 17:55 . 2011-09-22 17:55 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-09-22 17:54 . 2011-09-22 17:54 -------- d-----w- c:\program files (x86)\Application Verifier
2011-09-22 17:54 . 2011-09-22 17:54 -------- d-----w- c:\program files\Application Verifier (x64)
2011-09-22 17:53 . 2011-09-22 17:53 -------- d-----w- c:\windows\symbols
2011-09-22 17:53 . 2011-09-28 18:33 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2011-09-22 17:44 . 2011-09-22 17:44 -------- d-----w- c:\program files\Microsoft SDKs
2011-09-19 23:11 . 2011-09-19 23:11 -------- d-----w- c:\users\Chris Reaper\AppData\Local\BMExplorer
2011-09-19 23:06 . 2011-09-19 23:06 -------- d-----w- c:\program files (x86)\ASUS Bluetooth Suite
2011-09-19 22:27 . 2009-12-30 17:21 65536 ----a-w- c:\windows\SysWow64\LxrSII1s.exe
2011-09-19 22:27 . 2009-12-30 14:32 63064 ----a-w- c:\windows\system32\drivers\LxrSII1d.sys
2011-09-19 22:27 . 2009-12-30 17:21 140288 ----a-w- c:\windows\SysWow64\LxrSII1.dll
2011-09-19 22:27 . 2011-09-19 22:28 -------- d-----w- c:\users\Chris Reaper\AppData\Local\Lexar Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 01:11 . 2011-05-18 01:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 00:26 . 2011-08-14 05:35 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-31 21:00 . 2009-12-26 02:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-23 15:33 . 2011-08-23 15:33 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-30 00:35 . 2011-07-30 00:35 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-20 13:44 . 2011-08-13 02:54 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 09:05 . 2010-04-30 01:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30 272952 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-10-05 03:59 72248 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-10-05 03:59 3054136 ----a-w- c:\windows\AsScrPro.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-03-08 3079960]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2009-10-05 615704]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-05-20 468992]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 13:31]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 13:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - /105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 10.8.1.231 10.8.1.237
FF - ProfilePath - c:\users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-CLMLServer - c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-LynxMessenger - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23B79.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F0FB132-8310-1A66-EF0A-0BD8D873EC9A}*]
@Allowed: (Read) (RestrictedCode)
"oanghpcgdmcglfnaobkjodhhnhmaki"=hex:69,61,6a,6e,65,6b,68,61,6c,69,70,61,6e,6c,
6c,6c,68,62,00,00
"nadijmeeajkcdndgiikipkdnkgia"=hex:69,61,6a,6e,65,6b,68,61,6c,69,70,61,6e,6c,
6c,6c,68,62,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-16 20:04:15
ComboFix-quarantined-files.txt 2011-10-17 00:04
.
Pre-Run: 115,826,683,904 bytes free
Post-Run: 115,968,774,144 bytes free
.
- - End Of File - - CECD1675D835EB127D86E92FA5783EF6
  • 0

#6
eddie5659
Posted 18 October 2011 - 03:45 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, there is a few things that look suspect, so can you do the following:


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply

eddie
  • 0

#7
Slayer21
Posted 18 October 2011 - 05:48 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
19:46:59.0388 9644 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
19:46:59.0819 9644 ============================================================
19:46:59.0819 9644 Current date / time: 2011/10/18 19:46:59.0819
19:46:59.0819 9644 SystemInfo:
19:46:59.0820 9644
19:46:59.0820 9644 OS Version: 6.1.7601 ServicePack: 1.0
19:46:59.0820 9644 Product type: Workstation
19:46:59.0820 9644 ComputerName: CHRISREAPER-PC
19:46:59.0820 9644 UserName: Chris Reaper
19:46:59.0820 9644 Windows directory: C:\Windows
19:46:59.0820 9644 System windows directory: C:\Windows
19:46:59.0820 9644 Running under WOW64
19:46:59.0820 9644 Processor architecture: Intel x64
19:46:59.0820 9644 Number of processors: 2
19:46:59.0820 9644 Page size: 0x1000
19:46:59.0820 9644 Boot type: Normal boot
19:46:59.0821 9644 ============================================================
19:47:00.0473 9644 Initialize success
19:47:16.0815 10588 ============================================================
19:47:16.0815 10588 Scan started
19:47:16.0815 10588 Mode: Manual; SigCheck; TDLFS;
19:47:16.0815 10588 ============================================================
19:47:17.0100 10588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:47:17.0231 10588 1394ohci - ok
19:47:17.0379 10588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:47:17.0423 10588 ACPI - ok
19:47:17.0524 10588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:47:17.0627 10588 AcpiPmi - ok
19:47:17.0757 10588 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
19:47:17.0862 10588 adfs - ok
19:47:18.0050 10588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:47:18.0131 10588 adp94xx - ok
19:47:18.0252 10588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:47:18.0287 10588 adpahci - ok
19:47:18.0314 10588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:47:18.0345 10588 adpu320 - ok
19:47:18.0500 10588 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:47:18.0566 10588 AFD - ok
19:47:18.0683 10588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:47:18.0724 10588 agp440 - ok
19:47:18.0799 10588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:47:18.0832 10588 aliide - ok
19:47:18.0923 10588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:47:18.0958 10588 amdide - ok
19:47:19.0006 10588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:47:19.0037 10588 AmdK8 - ok
19:47:19.0116 10588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:47:19.0167 10588 AmdPPM - ok
19:47:19.0241 10588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:47:19.0268 10588 amdsata - ok
19:47:19.0358 10588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:47:19.0389 10588 amdsbs - ok
19:47:19.0463 10588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:47:19.0497 10588 amdxata - ok
19:47:19.0609 10588 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
19:47:19.0675 10588 AmUStor - ok
19:47:19.0935 10588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:47:20.0101 10588 AppID - ok
19:47:20.0243 10588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:47:20.0281 10588 arc - ok
19:47:20.0311 10588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:47:20.0348 10588 arcsas - ok
19:47:20.0431 10588 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
19:47:20.0461 10588 AsDsm - ok
19:47:20.0529 10588 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
19:47:20.0565 10588 ASMMAP64 - ok
19:47:20.0677 10588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:47:20.0830 10588 AsyncMac - ok
19:47:20.0973 10588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:47:21.0005 10588 atapi - ok
19:47:21.0038 10588 AthBTPort (c647c19b70b4717106f6b59e80d6f38f) C:\Windows\system32\DRIVERS\btath_flt.sys
19:47:21.0094 10588 AthBTPort - ok
19:47:21.0169 10588 AthDfu (17d367ae1ad05852303a8bdfab5d028b) C:\Windows\system32\Drivers\AthDfu.sys
19:47:21.0225 10588 AthDfu - ok
19:47:21.0394 10588 athr (de8b9c3e0e09d918b394207f34ac16dd) C:\Windows\system32\DRIVERS\athrx.sys
19:47:21.0468 10588 athr - ok
19:47:21.0630 10588 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:47:21.0663 10588 avgntflt - ok
19:47:21.0802 10588 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
19:47:21.0851 10588 avipbb - ok
19:47:22.0012 10588 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:47:22.0054 10588 avkmgr - ok
19:47:22.0132 10588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:47:22.0196 10588 b06bdrv - ok
19:47:22.0304 10588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:47:22.0363 10588 b57nd60a - ok
19:47:22.0472 10588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:47:22.0549 10588 Beep - ok
19:47:22.0658 10588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:47:22.0711 10588 blbdrive - ok
19:47:22.0874 10588 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:47:22.0922 10588 bowser - ok
19:47:22.0958 10588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:47:22.0996 10588 BrFiltLo - ok
19:47:23.0116 10588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:47:23.0177 10588 BrFiltUp - ok
19:47:23.0287 10588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:47:23.0359 10588 Brserid - ok
19:47:23.0453 10588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:47:23.0514 10588 BrSerWdm - ok
19:47:23.0537 10588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:47:23.0608 10588 BrUsbMdm - ok
19:47:23.0718 10588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:47:23.0771 10588 BrUsbSer - ok
19:47:23.0878 10588 BTATH_A2DP (f5b0c8426147f8455a58470753355a86) C:\Windows\system32\drivers\btath_a2dp.sys
19:47:23.0958 10588 BTATH_A2DP - ok
19:47:24.0058 10588 BTATH_BUS (613a1fd0db78f8df45fc0091868f1032) C:\Windows\system32\DRIVERS\btath_bus.sys
19:47:24.0122 10588 BTATH_BUS - ok
19:47:24.0229 10588 BTATH_HCRP (30c1769f1dbf567a2f31492e819cbdc2) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:47:24.0298 10588 BTATH_HCRP - ok
19:47:24.0401 10588 BTATH_RCP (6b476536c991f953ded4b92cc505b3a8) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:47:24.0499 10588 BTATH_RCP - ok
19:47:24.0614 10588 BtFilter (e808a9b7dbd8db51d6a02beba677ae88) C:\Windows\system32\DRIVERS\btfilter.sys
19:47:24.0692 10588 BtFilter - ok
19:47:24.0815 10588 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
19:47:24.0876 10588 BthAvrcp - ok
19:47:25.0003 10588 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
19:47:25.0060 10588 BthEnum - ok
19:47:25.0100 10588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:47:25.0144 10588 BTHMODEM - ok
19:47:25.0245 10588 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:47:25.0312 10588 BthPan - ok
19:47:25.0441 10588 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
19:47:25.0495 10588 BTHPORT - ok
19:47:25.0640 10588 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
19:47:25.0683 10588 BTHUSB - ok
19:47:25.0746 10588 catchme - ok
19:47:25.0849 10588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:47:25.0940 10588 cdfs - ok
19:47:26.0062 10588 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:47:26.0111 10588 cdrom - ok
19:47:26.0242 10588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:47:26.0315 10588 circlass - ok
19:47:26.0386 10588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:47:26.0419 10588 CLFS - ok
19:47:26.0549 10588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:47:26.0588 10588 CmBatt - ok
19:47:26.0725 10588 cmdGuard (0020e6598d80b92e4d8618554c4843ab) C:\Windows\system32\DRIVERS\cmdguard.sys
19:47:26.0800 10588 cmdGuard - ok
19:47:26.0863 10588 cmdHlp (7a2af19b01bf433c23ac1111610acf84) C:\Windows\system32\DRIVERS\cmdhlp.sys
19:47:26.0884 10588 cmdHlp - ok
19:47:26.0937 10588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:47:26.0972 10588 cmdide - ok
19:47:27.0093 10588 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:47:27.0153 10588 CNG - ok
19:47:27.0262 10588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:47:27.0296 10588 Compbatt - ok
19:47:27.0362 10588 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:47:27.0404 10588 CompositeBus - ok
19:47:27.0490 10588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:47:27.0517 10588 crcdisk - ok
19:47:27.0674 10588 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:47:27.0742 10588 DfsC - ok
19:47:27.0783 10588 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:47:27.0856 10588 discache - ok
19:47:27.0964 10588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:47:28.0003 10588 Disk - ok
19:47:28.0174 10588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:47:28.0234 10588 drmkaud - ok
19:47:28.0317 10588 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:47:28.0379 10588 DXGKrnl - ok
19:47:28.0550 10588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:47:28.0696 10588 ebdrv - ok
19:47:28.0839 10588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:47:28.0898 10588 elxstor - ok
19:47:29.0020 10588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:47:29.0070 10588 ErrDev - ok
19:47:29.0181 10588 ETD (1299d1ea00b7a4bf69c5869dca31e0f6) C:\Windows\system32\DRIVERS\ETD.sys
19:47:29.0236 10588 ETD - ok
19:47:29.0273 10588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:47:29.0343 10588 exfat - ok
19:47:29.0439 10588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:47:29.0536 10588 fastfat - ok
19:47:29.0631 10588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:47:29.0671 10588 fdc - ok
19:47:29.0693 10588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:47:29.0719 10588 FileInfo - ok
19:47:29.0811 10588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:47:29.0893 10588 Filetrace - ok
19:47:29.0978 10588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:47:30.0018 10588 flpydisk - ok
19:47:30.0083 10588 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:47:30.0128 10588 FltMgr - ok
19:47:30.0237 10588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:47:30.0276 10588 FsDepends - ok
19:47:30.0325 10588 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:47:30.0352 10588 fssfltr - ok
19:47:30.0455 10588 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:47:30.0486 10588 Fs_Rec - ok
19:47:30.0553 10588 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:47:30.0590 10588 fvevol - ok
19:47:30.0675 10588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:47:30.0711 10588 gagp30kx - ok
19:47:30.0866 10588 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:47:30.0905 10588 GEARAspiWDM - ok
19:47:30.0957 10588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:47:31.0026 10588 hcw85cir - ok
19:47:31.0212 10588 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:47:31.0269 10588 HdAudAddService - ok
19:47:31.0403 10588 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:47:31.0470 10588 HDAudBus - ok
19:47:31.0491 10588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:47:31.0543 10588 HidBatt - ok
19:47:31.0633 10588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:47:31.0684 10588 HidBth - ok
19:47:31.0763 10588 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:47:31.0809 10588 HidIr - ok
19:47:31.0946 10588 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:47:31.0986 10588 HidUsb - ok
19:47:32.0033 10588 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:47:32.0060 10588 HpSAMD - ok
19:47:32.0204 10588 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:47:32.0308 10588 HTTP - ok
19:47:32.0420 10588 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:47:32.0442 10588 hwpolicy - ok
19:47:32.0509 10588 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:47:32.0543 10588 i8042prt - ok
19:47:32.0650 10588 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:47:32.0682 10588 iaStor - ok
19:47:32.0815 10588 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:47:32.0863 10588 iaStorV - ok
19:47:33.0222 10588 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:47:33.0671 10588 igfx - ok
19:47:33.0762 10588 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:47:33.0804 10588 iirsp - ok
19:47:33.0893 10588 inspect (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\Windows\system32\DRIVERS\inspect.sys
19:47:33.0914 10588 inspect - ok
19:47:34.0023 10588 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:47:34.0059 10588 intelide - ok
19:47:34.0098 10588 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:47:34.0138 10588 intelppm - ok
19:47:34.0259 10588 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:34.0340 10588 IpFilterDriver - ok
19:47:34.0398 10588 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:47:34.0432 10588 IPMIDRV - ok
19:47:34.0527 10588 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:47:34.0603 10588 IPNAT - ok
19:47:34.0696 10588 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:47:34.0744 10588 IRENUM - ok
19:47:34.0799 10588 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:47:34.0835 10588 isapnp - ok
19:47:34.0946 10588 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:47:34.0985 10588 iScsiPrt - ok
19:47:35.0064 10588 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
19:47:35.0087 10588 ivusb - ok
19:47:35.0209 10588 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:47:35.0250 10588 kbdclass - ok
19:47:35.0320 10588 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:47:35.0367 10588 kbdhid - ok
19:47:35.0462 10588 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:47:35.0488 10588 kbfiltr - ok
19:47:35.0549 10588 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:47:35.0579 10588 KSecDD - ok
19:47:35.0693 10588 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:47:35.0721 10588 KSecPkg - ok
19:47:35.0757 10588 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:47:35.0822 10588 ksthunk - ok
19:47:35.0922 10588 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:47:35.0974 10588 L1E - ok
19:47:36.0095 10588 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:47:36.0178 10588 lltdio - ok
19:47:36.0301 10588 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:47:36.0338 10588 LSI_FC - ok
19:47:36.0432 10588 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:47:36.0467 10588 LSI_SAS - ok
19:47:36.0503 10588 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:47:36.0531 10588 LSI_SAS2 - ok
19:47:36.0635 10588 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:47:36.0676 10588 LSI_SCSI - ok
19:47:36.0780 10588 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:47:36.0863 10588 luafv - ok
19:47:36.0951 10588 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
19:47:36.0976 10588 lullaby - ok
19:47:37.0032 10588 LxrSII1d (9db17b1dd76cf0fd0bb3da5f1da078c2) C:\Windows\System32\Drivers\LxrSII1d.sys
19:47:37.0061 10588 LxrSII1d - ok
19:47:37.0188 10588 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
19:47:37.0233 10588 ManyCam - ok
19:47:37.0356 10588 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
19:47:37.0423 10588 MarvinBus - ok
19:47:37.0581 10588 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
19:47:37.0609 10588 MBAMProtector - ok
19:47:37.0694 10588 mchInjDrv - ok
19:47:37.0761 10588 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:47:37.0800 10588 megasas - ok
19:47:37.0830 10588 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:47:37.0865 10588 MegaSR - ok
19:47:37.0961 10588 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:47:38.0041 10588 Modem - ok
19:47:38.0130 10588 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:47:38.0169 10588 monitor - ok
19:47:38.0237 10588 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:47:38.0282 10588 mouclass - ok
19:47:38.0372 10588 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:47:38.0414 10588 mouhid - ok
19:47:38.0470 10588 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:47:38.0504 10588 mountmgr - ok
19:47:38.0642 10588 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
19:47:38.0681 10588 MpFilter - ok
19:47:38.0747 10588 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:47:38.0781 10588 mpio - ok
19:47:38.0909 10588 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:47:38.0944 10588 MpNWMon - ok
19:47:38.0980 10588 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:47:39.0046 10588 mpsdrv - ok
19:47:39.0159 10588 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:47:39.0214 10588 MRxDAV - ok
19:47:39.0274 10588 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:39.0334 10588 mrxsmb - ok
19:47:39.0458 10588 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:39.0514 10588 mrxsmb10 - ok
19:47:39.0567 10588 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:39.0610 10588 mrxsmb20 - ok
19:47:39.0728 10588 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:47:39.0754 10588 msahci - ok
19:47:39.0815 10588 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:47:39.0844 10588 msdsm - ok
19:47:39.0889 10588 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:47:39.0942 10588 Msfs - ok
19:47:40.0029 10588 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:47:40.0102 10588 mshidkmdf - ok
19:47:40.0164 10588 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:47:40.0197 10588 msisadrv - ok
19:47:40.0312 10588 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:47:40.0400 10588 MSKSSRV - ok
19:47:40.0484 10588 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:40.0559 10588 MSPCLOCK - ok
19:47:40.0640 10588 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:47:40.0715 10588 MSPQM - ok
19:47:40.0778 10588 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:47:40.0806 10588 MsRPC - ok
19:47:40.0928 10588 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:47:40.0972 10588 mssmbios - ok
19:47:41.0008 10588 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:47:41.0068 10588 MSTEE - ok
19:47:41.0158 10588 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:47:41.0200 10588 MTConfig - ok
19:47:41.0283 10588 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
19:47:41.0314 10588 MTsensor - ok
19:47:41.0342 10588 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:47:41.0367 10588 Mup - ok
19:47:41.0474 10588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:47:41.0532 10588 NativeWifiP - ok
19:47:41.0672 10588 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:47:41.0728 10588 NDIS - ok
19:47:41.0820 10588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:47:41.0897 10588 NdisCap - ok
19:47:41.0982 10588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:42.0065 10588 NdisTapi - ok
19:47:42.0123 10588 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:42.0192 10588 Ndisuio - ok
19:47:42.0309 10588 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:42.0404 10588 NdisWan - ok
19:47:42.0470 10588 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:47:42.0523 10588 NDProxy - ok
19:47:42.0626 10588 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:47:42.0690 10588 NetBIOS - ok
19:47:42.0754 10588 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:47:42.0839 10588 NetBT - ok
19:47:42.0984 10588 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:47:43.0024 10588 nfrd960 - ok
19:47:43.0134 10588 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:47:43.0163 10588 NisDrv - ok
19:47:43.0286 10588 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:47:43.0362 10588 Npfs - ok
19:47:43.0382 10588 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:47:43.0448 10588 nsiproxy - ok
19:47:43.0585 10588 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:47:43.0644 10588 Ntfs - ok
19:47:43.0765 10588 NT_NvcA (2492e06249b7284b74b87776cc14006c) C:\Windows\system32\DRIVERS\ntnvca.sys
19:47:43.0797 10588 NT_NvcA - ok
19:47:43.0833 10588 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:47:43.0884 10588 Null - ok
19:47:44.0000 10588 nvcwfpco (ff6f2b2c7f06210a5d0648637dd1afee) C:\Windows\system32\DRIVERS\nvcwfpco.sys
19:47:44.0046 10588 nvcwfpco - ok
19:47:44.0119 10588 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:47:44.0150 10588 nvraid - ok
19:47:44.0179 10588 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:47:44.0210 10588 nvstor - ok
19:47:44.0334 10588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:47:44.0376 10588 nv_agp - ok
19:47:44.0442 10588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:47:44.0476 10588 ohci1394 - ok
19:47:44.0601 10588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:47:44.0633 10588 Parport - ok
19:47:44.0707 10588 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:47:44.0738 10588 partmgr - ok
19:47:44.0845 10588 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:47:44.0872 10588 pci - ok
19:47:44.0890 10588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:47:44.0912 10588 pciide - ok
19:47:44.0956 10588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:47:44.0993 10588 pcmcia - ok
19:47:45.0123 10588 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
19:47:45.0205 10588 pcouffin - ok
19:47:45.0249 10588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:47:45.0272 10588 pcw - ok
19:47:45.0340 10588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:47:45.0439 10588 PEAUTH - ok
19:47:45.0642 10588 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:47:45.0724 10588 PptpMiniport - ok
19:47:45.0752 10588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:47:45.0805 10588 Processor - ok
19:47:45.0945 10588 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:47:46.0034 10588 Psched - ok
19:47:46.0173 10588 PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys
19:47:46.0233 10588 PulseUsb - ok
19:47:46.0380 10588 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
19:47:46.0439 10588 PxHlpa64 - ok
19:47:46.0529 10588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:47:46.0607 10588 ql2300 - ok
19:47:46.0712 10588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:47:46.0750 10588 ql40xx - ok
19:47:46.0776 10588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:47:46.0811 10588 QWAVEdrv - ok
19:47:46.0909 10588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:47:46.0972 10588 RasAcd - ok
19:47:47.0067 10588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:47:47.0133 10588 RasAgileVpn - ok
19:47:47.0200 10588 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:47.0273 10588 Rasl2tp - ok
19:47:47.0368 10588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:47.0436 10588 RasPppoe - ok
19:47:47.0456 10588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:47:47.0518 10588 RasSstp - ok
19:47:47.0636 10588 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:47:47.0710 10588 rdbss - ok
19:47:47.0732 10588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:47:47.0777 10588 rdpbus - ok
19:47:47.0856 10588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:47:47.0919 10588 RDPCDD - ok
19:47:48.0013 10588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:47:48.0079 10588 RDPENCDD - ok
19:47:48.0171 10588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:47:48.0236 10588 RDPREFMP - ok
19:47:48.0301 10588 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:47:48.0360 10588 RDPWD - ok
19:47:48.0495 10588 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:47:48.0533 10588 rdyboost - ok
19:47:48.0621 10588 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:47:48.0674 10588 RFCOMM - ok
19:47:48.0797 10588 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:47:48.0853 10588 RimUsb - ok
19:47:48.0980 10588 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
19:47:49.0025 10588 RimVSerPort - ok
19:47:49.0054 10588 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
19:47:49.0119 10588 ROOTMODEM - ok
19:47:49.0232 10588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:47:49.0300 10588 rspndr - ok
19:47:49.0365 10588 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:47:49.0406 10588 sbp2port - ok
19:47:49.0544 10588 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:47:49.0615 10588 scfilter - ok
19:47:49.0742 10588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:47:49.0813 10588 secdrv - ok
19:47:49.0852 10588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:47:49.0905 10588 Serenum - ok
19:47:50.0007 10588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:47:50.0046 10588 Serial - ok
19:47:50.0101 10588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:47:50.0145 10588 sermouse - ok
19:47:50.0278 10588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:47:50.0322 10588 sffdisk - ok
19:47:50.0341 10588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:47:50.0381 10588 sffp_mmc - ok
19:47:50.0491 10588 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:47:50.0542 10588 sffp_sd - ok
19:47:50.0565 10588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:47:50.0603 10588 sfloppy - ok
19:47:50.0716 10588 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
19:47:50.0768 10588 SiSGbeLH - ok
19:47:50.0859 10588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:47:50.0900 10588 SiSRaid2 - ok
19:47:50.0925 10588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:47:50.0954 10588 SiSRaid4 - ok
19:47:51.0050 10588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:47:51.0114 10588 Smb - ok
19:47:51.0289 10588 SNP2UVC (2d280b5799f9c143fa7d49e032fbce46) C:\Windows\system32\DRIVERS\snp2uvc.sys
19:47:51.0390 10588 SNP2UVC - ok
19:47:51.0490 10588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:47:51.0521 10588 spldr - ok
19:47:51.0601 10588 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:47:51.0661 10588 srv - ok
19:47:51.0781 10588 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:47:51.0825 10588 srv2 - ok
19:47:51.0852 10588 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:47:51.0883 10588 srvnet - ok
19:47:51.0976 10588 StarOpen - ok
19:47:52.0023 10588 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:47:52.0049 10588 stexstor - ok
19:47:52.0171 10588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:47:52.0226 10588 swenum - ok
19:47:52.0574 10588 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
19:47:52.0674 10588 Tcpip - ok
19:47:52.0863 10588 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
19:47:52.0925 10588 TCPIP6 - ok
19:47:53.0073 10588 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:47:53.0134 10588 tcpipreg - ok
19:47:53.0231 10588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:47:53.0303 10588 TDPIPE - ok
19:47:53.0382 10588 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:47:53.0458 10588 TDTCP - ok
19:47:53.0607 10588 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:47:53.0672 10588 tdx - ok
19:47:53.0726 10588 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:47:53.0756 10588 TermDD - ok
19:47:53.0867 10588 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
19:47:53.0927 10588 TIEHDUSB - ok
19:47:54.0106 10588 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:47:54.0190 10588 tssecsrv - ok
19:47:54.0280 10588 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:47:54.0330 10588 TsUsbFlt - ok
19:47:54.0479 10588 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:47:54.0561 10588 tunnel - ok
19:47:54.0677 10588 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:47:54.0731 10588 uagp35 - ok
19:47:54.0851 10588 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:47:54.0943 10588 udfs - ok
19:47:55.0038 10588 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:47:55.0074 10588 uliagpkx - ok
19:47:55.0184 10588 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:47:55.0234 10588 umbus - ok
19:47:55.0300 10588 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:47:55.0338 10588 UmPass - ok
19:47:55.0453 10588 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:47:55.0524 10588 USBAAPL64 - ok
19:47:55.0645 10588 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:47:55.0722 10588 usbaudio - ok
19:47:55.0787 10588 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:47:55.0836 10588 usbccgp - ok
19:47:55.0954 10588 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:47:56.0010 10588 usbcir - ok
19:47:56.0068 10588 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:47:56.0107 10588 usbehci - ok
19:47:56.0237 10588 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:47:56.0298 10588 usbhub - ok
19:47:56.0325 10588 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:47:56.0353 10588 usbohci - ok
19:47:56.0444 10588 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:47:56.0504 10588 usbprint - ok
19:47:56.0621 10588 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:47:56.0675 10588 usbscan - ok
19:47:56.0730 10588 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:47:56.0788 10588 USBSTOR - ok
19:47:56.0899 10588 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:47:56.0952 10588 usbuhci - ok
19:47:57.0020 10588 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:47:57.0061 10588 usbvideo - ok
19:47:57.0183 10588 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:47:57.0217 10588 vdrvroot - ok
19:47:57.0271 10588 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:47:57.0303 10588 vga - ok
19:47:57.0393 10588 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:47:57.0465 10588 VgaSave - ok
19:47:57.0567 10588 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:47:57.0607 10588 vhdmp - ok
19:47:57.0683 10588 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
19:47:57.0771 10588 VIAHdAudAddService - ok
19:47:57.0901 10588 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:47:57.0935 10588 viaide - ok
19:47:57.0956 10588 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:47:57.0980 10588 volmgr - ok
19:47:58.0063 10588 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:47:58.0105 10588 volmgrx - ok
19:47:58.0218 10588 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:47:58.0256 10588 volsnap - ok
19:47:58.0297 10588 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:47:58.0327 10588 vsmraid - ok
19:47:58.0426 10588 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:47:58.0473 10588 vwifibus - ok
19:47:58.0554 10588 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:47:58.0602 10588 vwififlt - ok
19:47:58.0643 10588 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:47:58.0674 10588 vwifimp - ok
19:47:58.0755 10588 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:47:58.0801 10588 WacomPen - ok
19:47:58.0962 10588 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:59.0057 10588 WANARP - ok
19:47:59.0073 10588 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:59.0134 10588 Wanarpv6 - ok
19:47:59.0274 10588 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:47:59.0307 10588 Wd - ok
19:47:59.0392 10588 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:47:59.0429 10588 WDC_SAM - ok
19:47:59.0521 10588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:47:59.0566 10588 Wdf01000 - ok
19:47:59.0716 10588 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:47:59.0781 10588 WfpLwf - ok
19:47:59.0817 10588 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:47:59.0849 10588 WimFltr - ok
19:47:59.0954 10588 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:47:59.0994 10588 WIMMount - ok
19:48:00.0159 10588 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:48:00.0216 10588 WinUsb - ok
19:48:00.0383 10588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:48:00.0426 10588 WmiAcpi - ok
19:48:00.0476 10588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:48:00.0538 10588 ws2ifsl - ok
19:48:00.0674 10588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:48:00.0737 10588 WudfPf - ok
19:48:00.0755 10588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:48:00.0821 10588 WUDFRd - ok
19:48:00.0914 10588 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:48:00.0986 10588 \Device\Harddisk0\DR0 - ok
19:48:00.0992 10588 Boot (0x1200) (abdeb61524479b0a9780dcb320db77eb) \Device\Harddisk0\DR0\Partition0
19:48:00.0993 10588 \Device\Harddisk0\DR0\Partition0 - ok
19:48:00.0996 10588 ============================================================
19:48:00.0997 10588 Scan finished
19:48:00.0997 10588 ============================================================
19:48:01.0025 12192 Detected object count: 0
19:48:01.0025 12192 Actual detected object count: 0
  • 0

#8
eddie5659
Posted 23 October 2011 - 08:44 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, that looks good, so lets just check with this tool now, as there is something there I want to narrow things down a bit.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#9
Slayer21
Posted 23 October 2011 - 10:32 AM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-23 12:31:44
-----------------------------
12:31:44.099 OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:44.099 Number of processors: 2 586 0x170A
12:31:44.099 ComputerName: CHRISREAPER-PC UserName: Chris Reaper
12:31:46.798 Initialize success
12:32:00.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:32:00.762 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
12:32:00.762 Disk 0 MBR read successfully
12:32:00.762 Disk 0 MBR scan
12:32:00.762 Disk 0 Windows VISTA default MBR code
12:32:00.777 Service scanning
12:32:03.429 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:32:06.425 Modules scanning
12:32:06.425 Disk 0 trace - called modules:
12:32:06.456 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:32:06.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a89060]
12:32:06.456 3 CLASSPNP.SYS[fffff88001bb343f] -> nt!IofCallDriver -> [0xfffffa80046c1630]
12:32:06.471 5 ACPI.sys[fffff88000f787a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046c4050]
12:32:06.471 Scan finished successfully
12:32:30.638 Disk 0 MBR has been saved successfully to "C:\Users\Chris Reaper\Desktop\MBR.dat"
12:32:30.653 The log file has been saved successfully to "C:\Users\Chris Reaper\Desktop\aswMBR.txt"
  • 0

#10
eddie5659
Posted 25 October 2011 - 02:06 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, there is a registry key I want to look at further. Can you do this for me:

Go here, and download SWReg:

http://www.xs4all.nl...loads/swreg.exe

Put the file into the C:\WINDOWS\ folder.

Go to Start and then Run, and type

cmd

and press OK.

Now, copy/paste the following into the Command Prompt:

%WINDIR%\SWReg null query hku\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F0FB132-8310-1A66-EF0A-0BD8D873EC9A /s >> C:\exportnulls.txt

And press Enter.

If you're not sure how to paste into the Command Prompt, copy the above as normal. Then, rightclick at the Command Prompt, and select Paste.

Type Exit and then press enter to close the Command Prompt.

The report will be found at C:\exportnulls.txt
  • 0

Advertisements

#11
Slayer21
Posted 25 October 2011 - 06:00 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!
  • 0

#12
eddie5659
Posted 26 October 2011 - 05:55 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
It looks like the full line wasn't copied fully, hence the error.

Can you copy all of the below, including up to "/s >> C:\exportnulls.txt":


%WINDIR%\SWReg null query HKEY_USERS\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F0FB132-8310-1A66-EF0A-0BD8D873EC9A /s >> C:\exportnulls.txt

If still no joy, I'll have a look at it when I get home :)
  • 0

#13
Slayer21
Posted 26 October 2011 - 06:29 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!
  • 0

#14
eddie5659
Posted 27 October 2011 - 03:20 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Ah, I see what I've done. Can you try it again, but as follows:


%WINDIR%\SWReg null query "HKEY_USERS\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F0FB132-8310-1A66-EF0A-0BD8D873EC9A" /s >> C:\exportnulls.txt
  • 0

#15
Slayer21
Posted 27 October 2011 - 05:04 PM

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell extensions\approved\{8f0fb132-8310-1a66-ef0a-0bd8d873ec9a does not exist!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP