
Win 32 Olmarik TDL4 trojan Removal



#1
mh1018

  • Member
  • 28 posts
Internet Explorer is being hijacked. NOD32 has identified this virus but cannot remove it. I am a novice user at best.


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - let's increase your knowledge, shall we :)

First I will need to determine the variant and any other associated files. These two programmes are analysis only for the moment.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
mh1018

  • Topic Starter
  • Member
  • 28 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-18 15:31:55
-----------------------------
15:31:55.358 OS Version: Windows x64 6.1.7601 Service Pack 1
15:31:55.358 Number of processors: 2 586 0x170A
15:31:55.359 ComputerName: HOKIT-PC UserName: Hokit
15:31:56.828 Initialize success
15:33:38.066 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:33:38.068 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC63G Size: 476940MB BusType: 11
15:33:40.088 Disk 0 MBR read successfully
15:33:40.093 Disk 0 MBR scan
15:33:40.098 Disk 0 TDL4@MBR code has been found
15:33:40.103 Disk 0 MBR hidden
15:33:40.108 Disk 0 MBR [TDL4] **ROOTKIT**
15:33:40.116 Disk 0 trace - called modules:
15:33:40.121 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80045a1254]<<
15:33:40.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800445f420]
15:33:40.128 3 CLASSPNP.SYS[fffff8800198e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800415b1f0]
15:33:40.136 \Driver\atapi[0xfffffa80040a9e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80045a1254
15:33:40.141 Scan finished successfully
15:34:26.464 Disk 0 MBR has been saved successfully to "C:\Users\Hokit\Desktop\MBR.dat"
15:34:26.479 The log file has been saved successfully to "C:\Users\Hokit\Desktop\aswMBR.txt"
15:38:45.274 Disk 0 MBR has been saved successfully to "C:\Users\Hokit\Desktop\MBR.dat"
15:38:45.477 The log file has been saved successfully to "C:\Users\Hokit\Desktop\aswMBR.txt"

OTL
OTL logfile created on: 10/18/2011 3:37:03 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hokit\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.38% Memory free
7.92 Gb Paging File | 6.16 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 318.86 Gb Free Space | 70.69% Space Free | Partition Type: NTFS

Computer Name: HOKIT-PC | User Name: Hokit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 15:35:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
PRC - [2011/10/18 15:31:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Hokit\Desktop\aswMBR.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/10 16:45:46 | 000,351,384 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 17:33:43 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 17:32:40 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 17:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 20:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 20:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/04 20:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010/11/04 20:53:26 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2010/11/04 20:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/11/04 20:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009/06/10 16:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/04/14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/31 11:25:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:45:46 | 000,351,384 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe -- (NeatWorksDatabaseController)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/02 21:47:34 | 000,177,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV:64bit: - [2009/11/02 21:47:34 | 000,177,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV:64bit: - [2009/11/02 21:47:34 | 000,142,864 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV:64bit: - [2009/11/02 21:47:34 | 000,069,264 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDMBus.sys -- (PTDMBus)
DRV:64bit: - [2009/11/02 21:47:34 | 000,014,992 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDMWFLT.sys -- (PTDMWFLT)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/03/25 01:28:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/10/17 14:42:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/01 07:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/01 07:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/17 14:42:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Hokit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Users\Hokit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (WhatBird Toolbar) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - C:\Program Files (x86)\WhatBird Toolbar\WhatBirdToolbar.dll (WhatBird)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\Toolbar\WebBrowser: (WhatBird Toolbar) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - C:\Program Files (x86)\WhatBird Toolbar\WhatBirdToolbar.dll (WhatBird)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\TEMP.Hokit-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FE50F4E-70A0-4B5F-BB1E-248691E530C3}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B014F8-32E6-4E6A-AC77-633DEF798827}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 15:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
[2011/10/18 15:31:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Hokit\Desktop\aswMBR.exe
[2011/10/17 14:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/10/17 14:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/17 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/10/15 10:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2011/10/15 10:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/10/15 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/10/15 10:36:44 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\Garmin
[2011/10/14 11:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/10/14 06:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\PC Cleaners
[2011/10/14 06:31:35 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/14 06:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/10/03 06:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/03 06:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/03 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\Yahoo!
[2011/10/03 06:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/10/02 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Web Player
[2011/10/02 15:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/10/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quick Web Player
[2011/10/01 14:56:41 | 000,000,000 | ---D | C] -- C:\Users\Hokit\Carbonite Restored OLD User Settings
[2011/10/01 13:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/01 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/01 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/01 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/01 13:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/01 13:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/29 13:28:05 | 000,000,000 | -H-D | C] -- C:\Users\Hokit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
[2011/09/23 21:35:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DailyBibleGuideEI
[2011/03/05 10:35:17 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/03/05 10:35:17 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/03/05 10:35:17 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/03/05 10:35:16 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/03/05 10:35:16 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/03/05 10:35:16 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/03/05 10:35:16 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/03/05 10:35:16 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/03/05 10:35:16 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/03/05 10:35:16 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/03/05 10:35:16 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/03/05 10:35:16 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/18 15:38:45 | 000,000,512 | ---- | M] () -- C:\Users\Hokit\Desktop\MBR.dat
[2011/10/18 15:35:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
[2011/10/18 15:31:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Hokit\Desktop\aswMBR.exe
[2011/10/18 15:12:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 15:00:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/18 11:44:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/18 10:57:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 10:57:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 10:54:16 | 000,671,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/18 10:54:16 | 000,124,158 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/18 10:54:15 | 000,792,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/18 10:50:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 10:48:15 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 17:14:32 | 442,637,273 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/17 14:32:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/16 07:43:25 | 000,310,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/15 13:33:30 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/10/14 06:31:06 | 005,356,304 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/02 15:59:03 | 000,137,901 | ---- | M] () -- C:\Windows\unins000.dat
[2011/10/02 15:59:02 | 000,001,077 | ---- | M] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/10/02 15:59:02 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/10/02 15:58:32 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2011/10/01 23:18:44 | 012,470,132 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 02-53-47PM.html
[2011/10/01 14:44:14 | 000,013,695 | ---- | M] () -- C:\Users\Hokit\Documents\savingsbonds.sbw.bak
[2011/10/01 14:44:14 | 000,013,695 | ---- | M] () -- C:\Users\Hokit\Documents\savingsbonds.sbw
[2011/10/01 13:25:04 | 000,001,439 | ---- | M] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/01 13:20:49 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\svc2dll.dat
[2011/10/01 13:13:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/01 13:13:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/01 13:10:35 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/01 13:03:38 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/01 12:36:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/01 07:11:18 | 000,017,222 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 07-08-32AM.html
[2011/10/01 07:02:12 | 000,017,526 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-57-58AM.html
[2011/10/01 06:55:41 | 000,017,086 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-54-31AM.html
[2011/09/30 06:03:50 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/30 06:03:32 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/30 06:03:32 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/18 15:34:26 | 000,000,512 | ---- | C] () -- C:\Users\Hokit\Desktop\MBR.dat
[2011/10/15 10:48:56 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/10/02 17:03:41 | 442,637,273 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/02 15:59:02 | 000,001,077 | ---- | C] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/10/02 15:59:02 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/10/02 15:59:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/02 15:59:01 | 000,137,901 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/01 23:18:42 | 012,470,132 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 02-53-47PM.html
[2011/10/01 13:24:43 | 000,001,445 | ---- | C] () -- C:\Users\Hokit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/01 13:13:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/01 13:13:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/01 13:10:35 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/01 13:03:38 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/01 07:11:18 | 000,017,222 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 07-08-32AM.html
[2011/10/01 07:02:12 | 000,017,526 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-57-58AM.html
[2011/10/01 06:55:41 | 000,017,086 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-54-31AM.html
[2011/09/29 13:28:18 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/29 13:28:17 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/29 13:28:00 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/23 07:36:55 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\svc2dll.dat
[2011/03/05 10:35:17 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/03/05 10:35:17 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/03/05 10:35:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/03/05 10:35:17 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/03/05 10:35:17 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/03/05 10:35:16 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/03/05 10:35:16 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/03/05 10:35:16 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/03/05 10:35:16 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2010/09/13 15:19:28 | 000,007,605 | ---- | C] () -- C:\Users\Hokit\AppData\Local\Resmon.ResmonCfg
[2010/08/27 15:33:47 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/22 06:05:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2010/05/22 06:05:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2010/02/09 08:59:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/01/11 10:32:06 | 000,796,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/31 13:56:27 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/10/31 11:33:55 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/12/15 22:07:52 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/27 13:20:49 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\eAcceleration
[2011/10/15 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\Garmin
[2010/05/27 13:21:30 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\Image Zone Express
[2011/10/14 06:31:46 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\PC Cleaners
[2011/10/01 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\PCDr
[2010/01/11 10:52:13 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\ScanSoft
[2011/10/01 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\Smith Micro
[2011/10/01 12:36:04 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/13 06:13:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/18 11:44:09 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

This is the OTL.txt report. It didn't give me the Extras.Txt.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, I can see it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/30 06:03:50 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/09/30 06:03:32 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/30 06:03:32 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#5
mh1018

    Member

  • Topic Starter
  • Member
  • 28 posts
OTL logfile created on: 10/18/2011 4:29:01 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hokit\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 70.83% Memory free
7.92 Gb Paging File | 6.69 Gb Available in Paging File | 84.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 321.71 Gb Free Space | 71.32% Space Free | Partition Type: NTFS

Computer Name: HOKIT-PC | User Name: Hokit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 15:35:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/10 16:45:46 | 000,351,384 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 13:57:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/18 12:11:31 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/18 12:11:17 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/18 12:11:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/18 12:10:52 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/18 11:09:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/18 11:09:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/18 11:09:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/18 11:09:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/18 11:09:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/18 11:09:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/31 11:25:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:45:46 | 000,351,384 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe -- (NeatWorksDatabaseController)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/01 07:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/01 07:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/17 14:42:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Hokit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Users\Hokit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/18 16:16:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (WhatBird Toolbar) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - C:\Program Files (x86)\WhatBird Toolbar\WhatBirdToolbar.dll (WhatBird)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..\Toolbar\WebBrowser: (WhatBird Toolbar) - {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - C:\Program Files (x86)\WhatBird Toolbar\WhatBirdToolbar.dll (WhatBird)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\TEMP.Hokit-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-393689665-969078850-1005671023-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FE50F4E-70A0-4B5F-BB1E-248691E530C3}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B014F8-32E6-4E6A-AC77-633DEF798827}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 16:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/18 15:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
[2011/10/18 15:31:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Hokit\Desktop\aswMBR.exe
[2011/10/17 14:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/10/17 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/10/15 10:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2011/10/15 10:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/10/15 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/10/15 10:36:44 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\Garmin
[2011/10/14 11:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/10/14 06:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\PC Cleaners
[2011/10/14 06:31:35 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/14 06:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/10/03 06:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/03 06:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/03 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Hokit\AppData\Roaming\Yahoo!
[2011/10/03 06:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/10/02 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Web Player
[2011/10/02 15:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/10/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quick Web Player
[2011/10/01 14:56:41 | 000,000,000 | ---D | C] -- C:\Users\Hokit\Carbonite Restored OLD User Settings
[2011/10/01 13:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/01 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/01 13:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/01 13:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/29 13:28:05 | 000,000,000 | -H-D | C] -- C:\Users\Hokit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
[2011/09/23 21:35:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DailyBibleGuideEI
[2011/03/05 10:35:17 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/03/05 10:35:17 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/03/05 10:35:17 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/03/05 10:35:16 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/03/05 10:35:16 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/03/05 10:35:16 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/03/05 10:35:16 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/03/05 10:35:16 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/03/05 10:35:16 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/03/05 10:35:16 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/03/05 10:35:16 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/03/05 10:35:16 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/18 16:25:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 16:24:58 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/18 16:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/18 16:24:32 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 16:12:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 15:35:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hokit\Desktop\OTL.exe
[2011/10/18 15:31:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Hokit\Desktop\aswMBR.exe
[2011/10/17 17:14:32 | 442,637,273 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/17 14:32:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/15 13:33:30 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/10/14 06:31:06 | 005,356,304 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/02 15:59:03 | 000,137,901 | ---- | M] () -- C:\Windows\unins000.dat
[2011/10/02 15:59:02 | 000,001,077 | ---- | M] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/10/02 15:59:02 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/10/02 15:58:32 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2011/10/01 23:18:44 | 012,470,132 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 02-53-47PM.html
[2011/10/01 14:44:14 | 000,013,695 | ---- | M] () -- C:\Users\Hokit\Documents\savingsbonds.sbw.bak
[2011/10/01 14:44:14 | 000,013,695 | ---- | M] () -- C:\Users\Hokit\Documents\savingsbonds.sbw
[2011/10/01 13:25:04 | 000,001,439 | ---- | M] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/01 13:20:49 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\svc2dll.dat
[2011/10/01 13:13:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/01 13:10:35 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/01 13:03:38 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/01 12:36:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/01 07:11:18 | 000,017,222 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 07-08-32AM.html
[2011/10/01 07:02:12 | 000,017,526 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-57-58AM.html
[2011/10/01 06:55:41 | 000,017,086 | ---- | M] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-54-31AM.html
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 10:48:56 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2011/10/02 17:03:41 | 442,637,273 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/02 15:59:02 | 000,001,077 | ---- | C] () -- C:\Users\Hokit\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/10/02 15:59:02 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/10/02 15:59:01 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/02 15:59:01 | 000,137,901 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/01 23:18:42 | 012,470,132 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 02-53-47PM.html
[2011/10/01 13:24:43 | 000,001,445 | ---- | C] () -- C:\Users\Hokit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/01 13:13:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/01 13:10:35 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/01 13:03:38 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/01 07:11:18 | 000,017,222 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 07-08-32AM.html
[2011/10/01 07:02:12 | 000,017,526 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-57-58AM.html
[2011/10/01 06:55:41 | 000,017,086 | ---- | C] () -- C:\Users\Hokit\Desktop\Restore Report 10-01-2011 06-54-31AM.html
[2011/09/23 07:36:55 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\svc2dll.dat
[2011/03/05 10:35:17 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/03/05 10:35:17 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/03/05 10:35:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/03/05 10:35:17 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/03/05 10:35:17 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/03/05 10:35:16 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/03/05 10:35:16 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/03/05 10:35:16 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/03/05 10:35:16 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2010/09/13 15:19:28 | 000,007,605 | ---- | C] () -- C:\Users\Hokit\AppData\Local\Resmon.ResmonCfg
[2010/08/27 15:33:47 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/22 06:05:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2010/05/22 06:05:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2010/02/09 08:59:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/01/11 10:32:06 | 000,796,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/31 13:56:27 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/10/31 11:33:55 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/12/15 22:07:52 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/27 13:20:49 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\eAcceleration
[2011/10/15 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\Garmin
[2010/05/27 13:21:30 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\Image Zone Express
[2011/10/14 06:31:46 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\PC Cleaners
[2011/10/01 07:35:18 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\PCDr
[2010/01/11 10:52:13 | 000,000,000 | -H-D | M] -- C:\Users\Hokit\AppData\Roaming\ScanSoft
[2011/10/01 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Hokit\AppData\Roaming\Smith Micro
[2011/10/01 12:36:04 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/13 06:13:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/18 16:24:58 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========




< End of report >


This is the report from the TDSS. There was one threat but it did not give an option to cure.

16:45:26.0170 1692 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
16:45:26.0630 1692 ============================================================
16:45:26.0630 1692 Current date / time: 2011/10/18 16:45:26.0630
16:45:26.0630 1692 SystemInfo:
16:45:26.0630 1692
16:45:26.0630 1692 OS Version: 6.1.7601 ServicePack: 1.0
16:45:26.0630 1692 Product type: Workstation
16:45:26.0630 1692 ComputerName: HOKIT-PC
16:45:26.0630 1692 UserName: Hokit
16:45:26.0630 1692 Windows directory: C:\Windows
16:45:26.0630 1692 System windows directory: C:\Windows
16:45:26.0630 1692 Running under WOW64
16:45:26.0630 1692 Processor architecture: Intel x64
16:45:26.0630 1692 Number of processors: 2
16:45:26.0630 1692 Page size: 0x1000
16:45:26.0630 1692 Boot type: Normal boot
16:45:26.0630 1692 ============================================================
16:45:30.0880 1692 Initialize success
16:47:46.0213 4224 ============================================================
16:47:46.0213 4224 Scan started
16:47:46.0213 4224 Mode: Manual; SigCheck; TDLFS;
16:47:46.0213 4224 ============================================================
16:48:36.0513 4224 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
16:48:36.0573 4224 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:48:36.0573 4224 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:48:44.0676 4224 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:48:45.0035 4224 \Device\Harddisk0\DR0 - ok
16:48:45.0082 4224 Boot (0x1200) (a5a47f88a08d4a60ab8861a5e6c4609c) \Device\Harddisk0\DR0\Partition0
16:48:45.0097 4224 \Device\Harddisk0\DR0\Partition0 - ok
16:48:45.0113 4224 Boot (0x1200) (d367eb3e6ac8d59139173d1a1b165d21) \Device\Harddisk0\DR0\Partition1
16:48:45.0128 4224 \Device\Harddisk0\DR0\Partition1 - ok
16:48:45.0128 4224 ============================================================
16:48:45.0128 4224 Scan finished
16:48:45.0128 4224 ============================================================
16:48:45.0160 2052 Detected object count: 1
16:48:45.0160 2052 Actual detected object count: 1
16:48:56.0861 2052 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:56.0861 2052 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:23.0525 0148 ============================================================
16:51:23.0525 0148 Scan started
16:51:23.0525 0148 Mode: Manual; SigCheck; TDLFS;
16:51:23.0525 0148 ============================================================
16:51:43.0786 0148 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
16:51:43.0786 0148 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:51:43.0786 0148 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:51:46.0489 0148 WSDPrintDevice - ok
16:51:46.0609 0148 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:51:46.0649 0148 WudfPf - ok
16:51:46.0679 0148 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:46.0729 0148 WUDFRd - ok
16:51:46.0789 0148 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:51:46.0859 0148 \Device\Harddisk0\DR0 - ok
16:51:46.0859 0148 Boot (0x1200) (a5a47f88a08d4a60ab8861a5e6c4609c) \Device\Harddisk0\DR0\Partition0
16:51:46.0869 0148 \Device\Harddisk0\DR0\Partition0 - ok
16:51:46.0899 0148 Boot (0x1200) (d367eb3e6ac8d59139173d1a1b165d21) \Device\Harddisk0\DR0\Partition1
16:51:46.0909 0148 \Device\Harddisk0\DR0\Partition1 - ok
16:51:46.0909 0148 ============================================================
16:51:46.0909 0148 Scan finished
16:51:46.0909 0148 ============================================================
16:51:46.0919 3888 Detected object count: 1
16:51:46.0919 3888 Actual detected object count: 1
16:52:43.0700 3888 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:43.0700 3888 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, that confirmed that it is the variant not seen by TDSSKiller, so we will need to remove it using the recovery disc.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Reboot the computer using the CD


When you reboot you will see this, although yours will say Windows 7. Click Repair my computer.
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run aswMBR again please
  • 0

#7
mh1018

    Member

  • Topic Starter
  • Member
  • 28 posts
I made the disk as instructed. I rebooted the computer - but it did not use the disk. I am afraid you might have forgotten my inabilities...
I tried to learn how to make it reboot to the disk - but can't find anything that looks right. The computer is a Dell Inspiron laptop.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - what you need to do is set the CD to be the first boot device

Please go to this page for instructions on how to set the CD as the first boot device. I will be here to answer any questions
  • 0

#9
mh1018

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I figured it out all by myself! So I will send the report when completed.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)
  • 0

#11
mh1018

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I am now getting a Windows failed to start after selecting Start Windows Normally. It started the Startup Repair process. It says it can't repair. Any ideas?
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you ran from this disc and selected command prompt, did you type this?

Bootrec.exe /FixMbr

Did the system then respond as completed?
  • 0

#13
mh1018

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Yes, then I typed exit
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, from the disc could you run that command again please.

If it still fails then we will use the last restore point set by OTL

So in that case, from the disc select "System restore"
  • 0

#15
mh1018

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I ran the command. It says the operation completed successfully. I will not type exit. Restart. Not starting. Get a screen again with choices - Launch Startup Repair or Start window normally
  • 0





