Programs refuse to load, cannot copy/move files, a few other similar p

#1 LittleRaven (Member, 28 posts)

I am currently running Windows Vista upgraded to Windows 7.

My computer is suddenly refusing to load programs and will not copy/move files to other locations, and pretty much anything more memory intensive than browsing the internet will not run either. Programs begin to start and then freeze before they can fully load. When I try to copy/move files, the progress bar freezes seemingly at random. Trying to download files freezes Firefox. I have difficulty shutting down or booting up my PC. When I attempt to shut down, either it works like normal or it freezes at the splash screen. Same for when I boot up. Either it does or it freezes at the Windows logo.

A full system scan with Avast! has returned clean, and everything I download is automatically scanned. I have uninstalled various programs I can do without. My system automatically defrags itself every week, so that's not an issue. I have run ATF Cleaner. Nothing I have done has made even the slightest difference so far.

I have 2 hard drives separated into 3 partitions. C:\ and D:\ are my 320 GB drive, with Windows installed on C:\. E:\ is my 2 TB hard drive. To be honest, right now I just want to be able to transfer the files I wish to keep from my 320 GB drive to my 2 TB drive and reformat the 320 GB so I can put a clean Windows 7 installation on it. I do not want to touch the 2 TB drive if I can help it.

OTL log below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 10/27/11 2:10:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

4.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 48.45% Memory free
8.00 Gb Paging File | 5.81 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144.29 Gb Total Space | 71.65 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 35.24 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1726.55 Gb Free Space | 92.67% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHARLENE | User Name: Raven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\XNeat Windows Manager\XNeatWM.exe ()
PRC - C:\Program Files (x86)\XNeat Windows Manager\xnViewer.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-462593155-248269818-3965569099-1000\MSPRindiv01.key ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\dlls\xnSaveAsDlg.dll ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\dlls\xnTransparency.dll ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\XNeatDrv.dll ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\XNeatWM.exe ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\xnViewer.exe ()
MOD - C:\Program Files (x86)\XNeat Windows Manager\dlls\xnMenuBuilder.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (NBService) -- D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LVUVC64) Logitech Webcam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (msvad_simple) -- C:\Windows\SysNative\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SafDskNT) -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS (PC Dynamics, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\drivers\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\drivers\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\drivers\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.youtube.com/watch?v=kHo7VBbusnM&NR=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://planetfallout...pital-Wasteland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wowhead.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raven\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raven\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/01 17:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/09 20:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 09:59:46 | 000,000,000 | ---D | M]

[2009/12/16 18:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raven\AppData\Roaming\Mozilla\Extensions
[2011/08/20 04:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\extensions
[2010/10/15 12:00:52 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/05/11 08:36:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/20 04:14:58 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\extensions\[email protected]
[2011/09/20 02:13:25 | 000,000,935 | ---- | M] () -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\searchplugins\merriam-webster-dictionary.xml
[2010/10/15 12:03:52 | 000,001,196 | ---- | M] () -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\searchplugins\winamp-search.xml
[2008/11/20 15:23:04 | 000,001,546 | ---- | M] () -- C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\searchplugins\wowhead.xml
[2011/08/05 10:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/11 08:36:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/29 04:09:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 22:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 10:59:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/16 06:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/05 10:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NWMJBV0Q.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\RAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NWMJBV0Q.DEFAULT\EXTENSIONS\[email protected]
[2011/10/09 20:32:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 22:23:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Raven\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Raven\AppData\Local\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Raven\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AT_DJTiesto = C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [XNeat Windows Manager] C:\Program Files (x86)\XNeat Windows Manager\xnViewer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0387CC52-77EF-478D-801E-673037019A6E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 03:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 21:10:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/26 08:24:40 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{BF812041-E3E8-4D3B-B481-43E9AD43A9DF}
[2011/10/26 08:24:24 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{9D3C8AA9-809E-40B9-8196-750F692A5762}
[2011/10/24 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{F2A31124-9965-415D-B56E-D090E1ACAC80}
[2011/10/24 22:26:33 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{CD7C701A-D484-4B67-8406-8D8CC3A5339E}
[2011/10/22 11:13:45 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{8D753A4C-33CE-48F0-92AB-1DC60784B964}
[2011/10/22 11:13:23 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{AFF202BC-267E-4D58-84F9-938698D5E9BD}
[2011/10/18 04:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/10/17 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{AD6E5EEC-3DDF-4BFE-AAE3-5ADCF911F886}
[2011/10/17 23:50:04 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{B017F0D6-F76C-4BD9-9569-2F89330B2DFB}
[2011/10/16 02:21:44 | 000,000,000 | ---D | C] -- C:\Users\Raven\Documents\Video Mask Projects
[2011/10/16 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\Logitech® Webcam Software
[2011/10/16 00:28:03 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{F622B191-0F6C-41DF-BE88-67DB1C580010}
[2011/10/16 00:27:41 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{399815AD-22ED-4840-87A8-30BBCA763D6F}
[2011/10/13 18:49:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/10/13 16:44:43 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{86F5E49B-6006-4BB4-9935-726C2BFD94D6}
[2011/10/13 16:44:25 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{1CFE0AA9-9D24-45FE-947A-6156E258733F}
[2011/10/11 13:58:43 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{FBB6365A-06C5-4567-B94C-2BFD97A6D1FD}
[2011/10/11 13:58:24 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{2B94A881-1B63-4DF2-9A7F-47DF1C3EB583}
[2011/10/06 10:13:23 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{2DE8DE22-13E0-45C4-A531-7D41CA65D31D}
[2011/10/06 10:13:03 | 000,000,000 | ---D | C] -- C:\Users\Raven\AppData\Local\{B4DF5DE3-BD1C-47C8-8C65-9352A4A33D36}
[2008/10/22 23:44:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\SysWow64\ClearEvent.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 13:21:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462593155-248269818-3965569099-1000UA.job
[2011/10/27 13:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/27 12:05:35 | 000,834,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/27 12:05:35 | 000,702,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/27 12:05:35 | 000,140,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/27 07:12:00 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 07:12:00 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 07:05:35 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 07:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/27 07:04:38 | 3220,619,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 07:03:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/10/26 04:21:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462593155-248269818-3965569099-1000Core.job
[2011/10/25 06:20:18 | 000,000,058 | ---- | M] () -- C:\Windows\SysWow64\trace.bin
[2011/10/16 00:41:19 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/10/15 01:34:34 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/10/13 03:29:20 | 000,362,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/09 20:33:12 | 000,002,056 | ---- | M] () -- C:\Users\Raven\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/06 10:06:38 | 000,002,401 | ---- | M] () -- C:\Users\Raven\Desktop\Google Chrome.lnk
[2011/10/01 01:29:25 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/08/05 16:32:59 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/05 16:32:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/16 07:52:02 | 000,377,173 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\Fallen Earth_2.51.1.0_2011-06-16-13-52.dmp
[2011/06/14 09:10:25 | 000,327,459 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\Fallen Earth_2.51.1.0_2011-06-14-15-10.dmp
[2011/06/02 01:42:05 | 000,000,017 | ---- | C] () -- C:\Users\Raven\AppData\Local\resmon.resmoncfg
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 07:53:55 | 000,820,048 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/10 17:34:11 | 000,705,434 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\Fallen Earth_2.49.3.0_2010-09-10-23-34.dmp
[2010/08/03 17:30:06 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\trace.bin
[2010/08/01 19:49:09 | 000,098,977 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\icarus-dxdiag.xml
[2010/04/21 22:42:50 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/03/18 15:47:53 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/23 20:26:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/14 00:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/06 19:46:41 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/30 08:24:23 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/20 15:41:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/20 01:36:23 | 000,000,760 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\setup_ldm.iss
[2009/07/27 17:28:33 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/22 17:48:05 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/11 01:40:16 | 000,000,569 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/01/30 00:49:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/09 21:33:59 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2008/11/02 13:55:26 | 000,000,564 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/11/02 11:51:50 | 000,000,000 | ---- | C] () -- C:\Users\Raven\AppData\Roaming\wklnhst.dat
[2008/10/22 23:47:44 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/10/22 23:47:44 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/10/22 23:44:17 | 000,000,069 | ---- | C] () -- C:\Windows\eAPLauncher.ini
[2008/10/22 23:44:06 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\LauncheRyAgentUser.exe
[2008/03/16 17:51:01 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2008/03/16 17:01:09 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2008/03/16 15:44:43 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 15:44:43 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2004/12/19 07:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/12/19 07:17:10 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002/10/06 12:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 17:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002/10/04 17:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 17:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/05/15 17:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/12/16 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Raven\AppData\Roaming\.#
[2009/12/16 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Acer
[2009/12/16 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Acer GameZone Console
[2009/12/16 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Azureus
[2011/03/22 02:07:56 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Crayon Physics Deluxe
[2009/12/16 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Cyber-D's Wallpaper Shifter 7
[2009/12/16 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\DAEMON Tools Lite
[2011/10/26 08:22:52 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Dropbox
[2009/08/31 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\eSobi
[2011/07/22 10:06:01 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\GetRightToGo
[2011/08/22 10:19:52 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\gtk-2.0
[2011/09/13 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Ideazon
[2011/08/06 13:50:34 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Launchy
[2009/12/16 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Leadertech
[2009/12/16 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\MobMapUpdater
[2011/07/17 10:36:15 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Notepad++
[2011/09/15 11:04:55 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\OpenCandy
[2009/12/16 18:55:12 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\OpenOffice.org
[2010/02/08 22:22:51 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Power Sound Editor Free
[2010/04/21 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Red Alert 3
[2010/07/18 10:43:55 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\ScripterRon
[2011/08/05 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Slacker
[2009/12/16 18:55:12 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\SystemRequirementsLab
[2009/12/16 18:55:12 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Template
[2011/10/27 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\TeraCopy
[2011/08/05 15:32:14 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\Titanium
[2011/10/18 05:25:45 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\uTorrent
[2010/08/25 11:04:12 | 000,000,000 | -HSD | M] -- C:\Users\Raven\AppData\Roaming\wyUpdate AU
[2011/10/27 13:44:37 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\XYplorer
[2010/01/14 21:39:13 | 000,000,000 | ---D | M] -- C:\Users\Raven\AppData\Roaming\yess
[2011/10/15 01:34:34 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/10/01 01:29:25 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/02/27 08:36:19 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:8D5581F0AB04DFC1

< End of report >
#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, note whether the Fix button is enabled (not the FixMBR button) and tell me. Click Save log, save it to your desktop and post it in your next reply.


Start, All Programs, Accessories, then right-click on Command Prompt and select Run As Administrator.

Type with an Enter after each line:

cd \windows\logs\cbs

copy cbs.log cbs.old

del cbs.log

sfc /scannow

findstr /c:"[SR]" cbs.log > \junk.txt

net start >> \junk.txt

notepad \junk.txt

Copy the text from notepad and paste it into a reply.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.


Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
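The findstr /c:"[SR]" step in the post above pulls the verdict lines that sfc /scannow writes into CBS.log and leaves the reader to eyeball them. The Python below is an added example, not part of RKinner's post or of any tool named in it: it applies the same [SR] filter, optionally restricts it to entries stamped at or after the scan started (CBS.log is appended to across boots, which is why the post copies and deletes it first), and tallies repaired versus unrepairable files so the outcome is a single verdict rather than a page of text. The sample log text is constructed to match the shape of CBS.log entries; the component names, timestamps and the trailing CBS line in it are illustrative and do not come from this thread's machine.

```python
"""Summarise the [SR] lines that sfc /scannow writes to C:\\Windows\\Logs\\CBS\\CBS.log."""
import json
import re
from datetime import datetime

# Constructed sample in the shape of CBS.log entries (illustrative, not from this machine).
# The first two lines belong to an earlier scan that was never rotated out of the log.
SAMPLE_CBS_LOG = r"""
2011-11-02 09:00:00, Info                  CSI    00000001 [SR] Verifying 100 (0x0000000000000064) components
2011-11-02 09:00:01, Info                  CSI    00000002 [SR] Verify complete
2011-11-03 15:40:42, Info                  CSI    00000007 [SR] Verifying 100 (0x0000000000000064) components
2011-11-03 15:40:42, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction
2011-11-03 15:41:10, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"oleaut32.dll" of Microsoft-Windows-OLE-Automation, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-11-03 15:41:11, Info                  CSI    0000000a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"wininit.exe" from store
2011-11-03 15:41:30, Info                  CSI    0000000b [SR] Verify complete
2011-11-03 15:41:31, Info                  CSI    0000000c [SR] Repair complete
2011-11-03 15:41:31, Info                  CBS    Ending TrustedInstaller initialization.
"""

SR_TAG = "[SR]"
TS_FMT = "%Y-%m-%d %H:%M:%S"  # CBS.log lines start with this 19-character stamp

RE_VERIFYING = re.compile(r"\[SR\] Verifying (\d+) ")
RE_UNREPAIRABLE = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)"')
RE_REPAIRED = re.compile(r'\[SR\] Repairing corrupted file .*"([^"]+)" from store')


def sr_lines(log_text, since=None):
    """Same selection as `findstr /c:"[SR]" cbs.log`.

    `since` (datetime or "YYYY-MM-DD HH:MM:SS" string) drops entries from earlier
    scans, which matters when the log was not rotated before running sfc.
    """
    if isinstance(since, str):
        since = datetime.strptime(since, TS_FMT)
    selected = []
    for line in log_text.splitlines():
        if SR_TAG not in line:
            continue
        if since is not None:
            try:
                stamp = datetime.strptime(line[:19], TS_FMT)
            except ValueError:
                continue  # no CBS timestamp prefix; not an entry we can place in time
            if stamp < since:
                continue
        selected.append(line)
    return selected


def summarize_sfc(log_text, since=None):
    """Reduce the [SR] lines to counts, file lists and a one-line verdict."""
    lines = sr_lines(log_text, since)
    components = 0
    repaired, unrepairable = [], []
    verify_complete = repair_complete = False
    for line in lines:
        if m := RE_VERIFYING.search(line):
            components += int(m.group(1))  # SFC logs one "Verifying N" per batch
        elif m := RE_UNREPAIRABLE.search(line):
            unrepairable.append(m.group(1))
        elif m := RE_REPAIRED.search(line):
            repaired.append(m.group(1))
        elif "[SR] Verify complete" in line:
            verify_complete = True
        elif "[SR] Repair complete" in line:
            repair_complete = True
    if unrepairable:
        verdict = "corrupt files SFC could not repair"
    elif repaired:
        verdict = "corrupt files found and repaired"
    elif verify_complete:
        verdict = "no integrity violations"
    else:
        verdict = "scan did not complete"
    return {
        "sr_lines": len(lines),
        "components_verified": components,
        "repaired": repaired,
        "unrepairable": unrepairable,
        "verify_complete": verify_complete,
        "repair_complete": repair_complete,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # On a real machine read the file instead, e.g.:
    # open(r"C:\Windows\Logs\CBS\CBS.log", encoding="utf-8", errors="replace").read()
    print(json.dumps(summarize_sfc(SAMPLE_CBS_LOG, since="2011-11-03 15:40:00"), indent=2))
```

Without `since`, the stale 2011-11-02 scan is counted too (200 components instead of 100), which is exactly the confusion the copy/del rotation in the post avoids; passing the time the scan started gives the same result whether or not the rotation succeeded. A non-empty "unrepairable" list is the case to chase further, since it means the component store itself has no good copy of the file.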

#3
LittleRaven

LittleRaven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thank you very much for the reply. I apologize for the delay in my reply, it took me quite some time to go down that list. Lots of freezing, etc.

Contents
1. Malwarebytes' Anti-Malware
2. ComboFix
3. TDSSKiller
4. aswMBR
5. Command Prompt junk log
6. Process Explorer
7. Event Viewer Tool

1. Malwarebytes' Anti-Malware
I followed the instructions, Malwarebytes' Anti-Malware found no infections. Log follows.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8076

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/03/11 8:51:04 AM
mbam-log-2011-11-03 (08-51-04).txt

Scan type: Quick scan
Objects scanned: 194935
Time elapsed: 21 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2. ComboFix
Followed the instructions. The log follows.
ComboFix 11-11-03.03 - Raven 11/03/11  15:40:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4095.2563 [GMT -6:00]
Running from: d:\games\New Vegas Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Raven\AppData\Roaming\.#
c:\users\Raven\AppData\Roaming\.#\[email protected]@23B2990.###
c:\users\Raven\AppData\Roaming\.#\[email protected]@23B29C0.###
c:\users\Raven\AppData\Roaming\.#\[email protected]@23B29F0.###
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-03 to 2011-11-03  )))))))))))))))))))))))))))))))
.
.
2011-11-03 21:59 . 2011-11-03 21:59	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B17B586D-3D31-4E4E-B770-86C7EACE9B52}\offreg.dll
2011-11-03 21:47 . 2011-11-03 21:47	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-11-03 21:47 . 2011-11-03 21:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-03 14:28 . 2011-08-31 23:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-03 12:59 . 2011-09-06 20:45	254400	----a-w-	c:\windows\system32\aswBoot.exe
2011-11-03 12:59 . 2011-09-06 20:38	601944	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-11-01 12:44 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B17B586D-3D31-4E4E-B770-86C7EACE9B52}\mpengine.dll
2011-10-28 21:43 . 2011-10-28 21:43	--------	d-----w-	c:\users\Raven\AppData\Local\Adobe
2011-10-28 21:42 . 2011-10-28 21:42	--------	d-----w-	c:\users\Raven\AppData\Roaming\fltk.org
2011-10-28 21:42 . 2011-10-28 21:42	--------	d-----w-	c:\programdata\fltk.org
2011-10-28 21:03 . 2009-02-25 00:35	255552	----a-w-	c:\windows\SysWow64\drivers\mcdbus.sys
2011-10-28 20:12 . 2011-10-28 20:12	86528	----a-w-	c:\windows\bnetunin.exe
2011-10-28 20:12 . 2011-10-28 20:12	61440	----a-w-	c:\windows\diabunin.exe
2011-10-28 16:03 . 2011-10-28 16:03	--------	d-----w-	c:\program files (x86)\Winamp Toolbar
2011-10-28 16:03 . 2011-10-28 16:03	--------	d-----w-	c:\programdata\Winamp Toolbar
2011-10-28 16:03 . 2011-10-28 16:03	--------	d-----w-	c:\program files (x86)\Common Files\Software Update Utility
2011-10-28 16:02 . 2011-10-28 16:16	--------	d-----w-	c:\users\Raven\AppData\Roaming\Winamp Pro
2011-10-26 00:03 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 00:03 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-18 10:15 . 2011-10-18 10:15	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2011-10-16 06:45 . 2011-10-16 06:45	--------	d-----w-	c:\users\Raven\AppData\Local\Logitech® Webcam Software
2011-10-16 06:41 . 2011-10-16 06:41	53248	----a-r-	c:\users\Raven\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-14 00:49 . 2011-10-14 00:49	--------	d-sh--w-	c:\programdata\SecuROM
2011-10-13 07:44 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-13 07:44 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-13 07:44 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-13 07:44 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-13 07:44 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-13 07:44 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-13 07:44 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-13 07:44 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 16:12 . 2011-05-20 04:21	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 19:30 . 2010-08-28 02:54	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-09-06 20:45 . 2010-12-15 22:47	41184	----a-w-	c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-12-15 22:47	199304	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:38 . 2010-12-15 22:48	301912	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-12-15 22:48	42328	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-12-15 22:48	58200	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-12-15 22:48	65368	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-12-15 22:48	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-08-19 15:27 . 2011-08-19 15:27	769312	----a-w-	c:\windows\system32\LVUI64.dll
2011-08-19 15:27 . 2011-08-19 15:27	561440	----a-w-	c:\windows\system32\LVUIRC64.dll
2011-08-19 15:27 . 2011-08-19 15:27	4869024	----a-w-	c:\windows\system32\drivers\lvuvc64.sys
2011-08-19 15:27 . 2011-08-19 15:27	351136	----a-w-	c:\windows\system32\drivers\lvrs64.sys
2011-08-19 15:27 . 2011-08-19 15:27	263456	----a-w-	c:\windows\system32\lvco13301394.dll
2011-08-19 15:27 . 2011-08-19 15:27	176416	----a-w-	c:\windows\system32\lvcod64.dll
2011-08-19 15:26 . 2011-08-19 15:26	545056	----a-w-	c:\windows\SysWow64\LVUI2.dll
2011-08-19 15:26 . 2011-08-19 15:26	540960	----a-w-	c:\windows\SysWow64\LVUI2RC.dll
2011-08-19 15:26 . 2011-08-19 15:26	307488	----a-w-	c:\windows\SysWow64\lvcodec2.dll
2011-08-19 15:26 . 2011-08-19 15:26	336408	----a-w-	c:\windows\SysWow64\DevManagerCore.dll
2011-08-19 15:26 . 2011-08-19 15:26	336408	----a-w-	c:\windows\system32\DevManagerCore.dll
2011-08-19 15:26 . 2011-08-19 15:26	10898456	----a-w-	c:\windows\SysWow64\LogiDPP.dll
2011-08-19 15:26 . 2011-08-19 15:26	10898456	----a-w-	c:\windows\system32\LogiDPP.dll
2011-08-19 15:26 . 2011-08-19 15:26	104472	----a-w-	c:\windows\SysWow64\LogiDPPApp.exe
2011-08-19 15:26 . 2011-08-19 15:26	104472	----a-w-	c:\windows\system32\LogiDPPApp.exe
2011-08-12 18:19 . 2011-08-12 18:19	16920	----a-w-	c:\windows\system32\drivers\iKeyLFT264.dll
2011-08-06 21:03 . 2011-08-06 05:56	281656	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-08-06 21:02 . 2011-08-05 22:32	281200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"XNeat Windows Manager"="c:\program files (x86)\XNeat Windows Manager\xnViewer.exe" [2008-03-03 77824]
"Steam"="d:\games\Steam\steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acer Product Registration"="c:\program files (x86)\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"WinampAgent"="d:\program files\Winamp Pro\winampa.exe" [2011-07-11 74752]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2011-10-28 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 16:56]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 16:56]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462593155-248269818-3965569099-1000Core.job
- c:\users\Raven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:25]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462593155-248269818-3965569099-1000UA.job
- c:\users\Raven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	134384	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Raven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:39	51248	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-05 560688]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 333344]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://planetfallout.gamespy.com/maps/1/Capital-Wasteland
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\nwmjbv0q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
AddRemove-Steam App 2760 - d:\games\Fallout New Vegas\steam.exe
AddRemove-Steam App 42910 - d:\games\Fallout New Vegas\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-462593155-248269818-3965569099-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,4c,13,11,49,c1,bd,f9,b5,ba,4d,9f,aa,41,5e,f5,cc,34,9c,9c,3d,
   56,18,11,e6,d8,a4,d3,86,3f,c5,b9,65,ed,6c,a8,8a,52,fb,f6,3c,0d,c7,75,7e,de,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\XNeat Windows Manager\XNeatWM.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Completion time: 2011-11-03  16:10:09 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-03 22:10
.
Pre-Run: 77,704,335,360 bytes free
Post-Run: 78,409,367,552 bytes free
.
- - End Of File - - 5DE422D5FDABD9276A0B5D4F3B19EF7C

3. TDSSKiller
Followed the instructions. Log follows.


16:20:18.0235 2892	TDSS rootkit removing tool 2.6.15.0 Nov  3 2011 17:15:49
16:20:18.0987 2892	============================================================
16:20:18.0987 2892	Current date / time: 2011/11/03 16:20:18.0987
16:20:18.0987 2892	SystemInfo:
16:20:18.0987 2892	
16:20:18.0987 2892	OS Version: 6.1.7601 ServicePack: 1.0
16:20:18.0987 2892	Product type: Workstation
16:20:18.0987 2892	ComputerName: CHARLENE
16:20:18.0987 2892	UserName: Raven
16:20:18.0987 2892	Windows directory: C:\Windows
16:20:18.0987 2892	System windows directory: C:\Windows
16:20:18.0987 2892	Running under WOW64
16:20:18.0987 2892	Processor architecture: Intel x64
16:20:18.0987 2892	Number of processors: 4
16:20:18.0987 2892	Page size: 0x1000
16:20:18.0987 2892	Boot type: Normal boot
16:20:18.0987 2892	============================================================
16:20:20.0005 2892	Initialize success
16:20:56.0020 4432	============================================================
16:20:56.0020 4432	Scan started
16:20:56.0020 4432	Mode: Manual; 
16:20:56.0020 4432	============================================================
16:20:56.0820 4432	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:20:56.0824 4432	1394ohci - ok
16:20:56.0871 4432	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:20:56.0875 4432	ACPI - ok
16:20:56.0975 4432	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:20:56.0976 4432	AcpiPmi - ok
16:20:57.0040 4432	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:20:57.0047 4432	adp94xx - ok
16:20:57.0158 4432	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:20:57.0163 4432	adpahci - ok
16:20:57.0211 4432	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:20:57.0215 4432	adpu320 - ok
16:20:57.0339 4432	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:20:57.0345 4432	AFD - ok
16:20:57.0391 4432	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:20:57.0393 4432	agp440 - ok
16:20:57.0510 4432	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:20:57.0512 4432	aliide - ok
16:20:57.0543 4432	Alpham1         (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
16:20:57.0544 4432	Alpham1 - ok
16:20:57.0568 4432	Alpham2         (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
16:20:57.0569 4432	Alpham2 - ok
16:20:57.0669 4432	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:20:57.0670 4432	amdide - ok
16:20:57.0708 4432	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:20:57.0710 4432	AmdK8 - ok
16:20:57.0724 4432	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:20:57.0726 4432	AmdPPM - ok
16:20:57.0943 4432	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:20:57.0984 4432	amdsata - ok
16:20:58.0042 4432	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:20:58.0046 4432	amdsbs - ok
16:20:58.0152 4432	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:20:58.0153 4432	amdxata - ok
16:20:58.0200 4432	AnyDVD          (904f781460ab3dac454ba788c6c31b6e) C:\Windows\system32\Drivers\AnyDVD.sys
16:20:58.0202 4432	AnyDVD - ok
16:20:58.0333 4432	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:20:58.0335 4432	AppID - ok
16:20:58.0398 4432	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:20:58.0400 4432	arc - ok
16:20:58.0490 4432	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:20:58.0492 4432	arcsas - ok
16:20:58.0633 4432	aswFsBlk        (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
16:20:58.0634 4432	aswFsBlk - ok
16:20:58.0762 4432	aswMonFlt       (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
16:20:58.0764 4432	aswMonFlt - ok
16:20:58.0809 4432	aswRdr          (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
16:20:58.0811 4432	aswRdr - ok
16:20:58.0926 4432	aswSnx          (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
16:20:58.0934 4432	aswSnx - ok
16:20:59.0054 4432	aswSP           (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
16:20:59.0059 4432	aswSP - ok
16:20:59.0119 4432	aswTdi          (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
16:20:59.0121 4432	aswTdi - ok
16:20:59.0230 4432	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:59.0231 4432	AsyncMac - ok
16:20:59.0287 4432	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:20:59.0288 4432	atapi - ok
16:20:59.0450 4432	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:20:59.0456 4432	b06bdrv - ok
16:20:59.0496 4432	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:20:59.0501 4432	b57nd60a - ok
16:20:59.0630 4432	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:20:59.0631 4432	Beep - ok
16:20:59.0667 4432	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:20:59.0669 4432	blbdrive - ok
16:20:59.0768 4432	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:20:59.0772 4432	bowser - ok
16:20:59.0832 4432	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:20:59.0834 4432	BrFiltLo - ok
16:20:59.0854 4432	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:20:59.0856 4432	BrFiltUp - ok
16:20:59.0951 4432	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:20:59.0956 4432	Brserid - ok
16:20:59.0970 4432	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:20:59.0972 4432	BrSerWdm - ok
16:21:00.0018 4432	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:21:00.0037 4432	BrUsbMdm - ok
16:21:00.0220 4432	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:21:00.0241 4432	BrUsbSer - ok
16:21:00.0382 4432	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:21:00.0384 4432	BTHMODEM - ok
16:21:00.0492 4432	catchme - ok
16:21:00.0625 4432	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:21:00.0647 4432	cdfs - ok
16:21:00.0768 4432	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:21:00.0772 4432	cdrom - ok
16:21:00.0816 4432	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:21:00.0818 4432	circlass - ok
16:21:00.0921 4432	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:21:00.0927 4432	CLFS - ok
16:21:01.0080 4432	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:21:01.0081 4432	CmBatt - ok
16:21:01.0116 4432	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:21:01.0118 4432	cmdide - ok
16:21:01.0163 4432	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:21:01.0170 4432	CNG - ok
16:21:01.0279 4432	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:21:01.0280 4432	Compbatt - ok
16:21:01.0322 4432	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:21:01.0324 4432	CompositeBus - ok
16:21:01.0349 4432	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:21:01.0351 4432	crcdisk - ok
16:21:01.0495 4432	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:21:01.0498 4432	DfsC - ok
16:21:01.0546 4432	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:21:01.0547 4432	discache - ok
16:21:01.0645 4432	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:21:01.0647 4432	Disk - ok
16:21:01.0709 4432	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:21:01.0711 4432	drmkaud - ok
16:21:01.0835 4432	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:21:01.0847 4432	DXGKrnl - ok
16:21:02.0026 4432	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:21:02.0060 4432	ebdrv - ok
16:21:02.0185 4432	ElbyCDIO        (a14d6e3ef78f6d6ac42f98d633f2400a) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:21:02.0187 4432	ElbyCDIO - ok
16:21:02.0240 4432	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:21:02.0247 4432	elxstor - ok
16:21:02.0353 4432	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:21:02.0354 4432	ErrDev - ok
16:21:02.0417 4432	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:21:02.0421 4432	exfat - ok
16:21:02.0510 4432	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:21:02.0514 4432	fastfat - ok
16:21:02.0562 4432	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:21:02.0563 4432	fdc - ok
16:21:02.0648 4432	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:21:02.0650 4432	FileInfo - ok
16:21:02.0668 4432	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:21:02.0669 4432	Filetrace - ok
16:21:02.0711 4432	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:21:02.0713 4432	flpydisk - ok
16:21:02.0839 4432	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:21:02.0843 4432	FltMgr - ok
16:21:02.0896 4432	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:21:02.0898 4432	FsDepends - ok
16:21:02.0986 4432	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:21:02.0987 4432	Fs_Rec - ok
16:21:03.0064 4432	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:21:03.0067 4432	fvevol - ok
16:21:03.0107 4432	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:21:03.0109 4432	gagp30kx - ok
16:21:03.0255 4432	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:21:03.0256 4432	hcw85cir - ok
16:21:03.0290 4432	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:21:03.0292 4432	HDAudBus - ok
16:21:03.0312 4432	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:21:03.0314 4432	HidBatt - ok
16:21:03.0419 4432	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:21:03.0422 4432	HidBth - ok
16:21:03.0442 4432	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:21:03.0443 4432	HidIr - ok
16:21:03.0492 4432	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:21:03.0493 4432	HidUsb - ok
16:21:03.0598 4432	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:21:03.0600 4432	HpSAMD - ok
16:21:03.0668 4432	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:21:03.0677 4432	HTTP - ok
16:21:03.0806 4432	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:21:03.0807 4432	hwpolicy - ok
16:21:03.0884 4432	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:21:03.0886 4432	i8042prt - ok
16:21:03.0997 4432	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:21:04.0003 4432	iaStorV - ok
16:21:04.0138 4432	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:21:04.0140 4432	iirsp - ok
16:21:04.0206 4432	int15           (91b61589bb2915e81d436efe07548507) C:\Acer\Empowering Technology\eRecovery\int15.sys
16:21:04.0207 4432	int15 - ok
16:21:04.0352 4432	IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
16:21:04.0367 4432	IntcAzAudAddService - ok
16:21:04.0401 4432	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:21:04.0403 4432	intelide - ok
16:21:04.0519 4432	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:21:04.0520 4432	intelppm - ok
16:21:04.0559 4432	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:04.0561 4432	IpFilterDriver - ok
16:21:04.0595 4432	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:21:04.0597 4432	IPMIDRV - ok
16:21:04.0703 4432	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:21:04.0705 4432	IPNAT - ok
16:21:04.0733 4432	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:21:04.0735 4432	IRENUM - ok
16:21:04.0760 4432	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:21:04.0762 4432	isapnp - ok
16:21:04.0864 4432	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:21:04.0868 4432	iScsiPrt - ok
16:21:04.0905 4432	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:21:04.0906 4432	kbdclass - ok
16:21:05.0007 4432	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:21:05.0008 4432	kbdhid - ok
16:21:05.0058 4432	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:21:05.0060 4432	KSecDD - ok
16:21:05.0102 4432	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:21:05.0105 4432	KSecPkg - ok
16:21:05.0218 4432	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:21:05.0219 4432	ksthunk - ok
16:21:05.0257 4432	L8042Kbd        (ced526c739d4091f77dde6c339ab49be) C:\Windows\system32\DRIVERS\L8042Kbd.sys
16:21:05.0259 4432	L8042Kbd - ok
16:21:05.0352 4432	L8042mou        (b9371a88719da62996dde9655847a87e) C:\Windows\system32\DRIVERS\L8042mou.Sys
16:21:05.0354 4432	L8042mou - ok
16:21:05.0412 4432	LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:21:05.0428 4432	LHidFilt - ok
16:21:05.0552 4432	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:21:05.0554 4432	lltdio - ok
16:21:05.0586 4432	LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:21:05.0588 4432	LMouFilt - ok
16:21:05.0607 4432	LMouKE          (d9abcfc5a37eb47ac556ebacfadfe101) C:\Windows\system32\DRIVERS\LMouKE.Sys
16:21:05.0610 4432	LMouKE - ok
16:21:05.0731 4432	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:21:05.0733 4432	LSI_FC - ok
16:21:05.0749 4432	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:21:05.0751 4432	LSI_SAS - ok
16:21:05.0773 4432	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:21:05.0777 4432	LSI_SAS2 - ok
16:21:05.0905 4432	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:21:05.0908 4432	LSI_SCSI - ok
16:21:05.0964 4432	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:21:05.0967 4432	luafv - ok
16:21:06.0088 4432	LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:21:06.0090 4432	LUsbFilt - ok
16:21:06.0125 4432	LVPr2M64        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:21:06.0126 4432	LVPr2M64 - ok
16:21:06.0145 4432	LVPr2Mon        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:21:06.0146 4432	LVPr2Mon - ok
16:21:06.0272 4432	LVRS64          (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
16:21:06.0278 4432	LVRS64 - ok
16:21:06.0422 4432	LVUVC64         (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:21:06.0517 4432	LVUVC64 - ok
16:21:06.0608 4432	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
16:21:06.0609 4432	MBAMProtector - ok
16:21:06.0680 4432	mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
16:21:06.0685 4432	mcdbus - ok
16:21:06.0800 4432	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:21:06.0802 4432	megasas - ok
16:21:06.0826 4432	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:21:06.0831 4432	MegaSR - ok
16:21:06.0861 4432	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:21:06.0863 4432	Modem - ok
16:21:06.0980 4432	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:21:06.0981 4432	monitor - ok
16:21:07.0018 4432	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:21:07.0019 4432	mouclass - ok
16:21:07.0143 4432	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:21:07.0145 4432	mouhid - ok
16:21:07.0183 4432	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:21:07.0185 4432	mountmgr - ok
16:21:07.0220 4432	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:21:07.0223 4432	mpio - ok
16:21:07.0330 4432	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:21:07.0332 4432	mpsdrv - ok
16:21:07.0374 4432	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:21:07.0377 4432	MRxDAV - ok
16:21:07.0409 4432	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:07.0412 4432	mrxsmb - ok
16:21:07.0512 4432	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:07.0517 4432	mrxsmb10 - ok
16:21:07.0540 4432	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:07.0543 4432	mrxsmb20 - ok
16:21:07.0579 4432	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:21:07.0581 4432	msahci - ok
16:21:07.0674 4432	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:21:07.0677 4432	msdsm - ok
16:21:07.0723 4432	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:21:07.0725 4432	Msfs - ok
16:21:07.0738 4432	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:21:07.0740 4432	mshidkmdf - ok
16:21:07.0771 4432	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:21:07.0779 4432	msisadrv - ok
16:21:07.0903 4432	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:21:07.0905 4432	MSKSSRV - ok
16:21:07.0958 4432	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:07.0960 4432	MSPCLOCK - ok
16:21:08.0005 4432	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:21:08.0007 4432	MSPQM - ok
16:21:08.0085 4432	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:21:08.0132 4432	MsRPC - ok
16:21:08.0374 4432	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:21:08.0376 4432	mssmbios - ok
16:21:08.0472 4432	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:21:08.0473 4432	MSTEE - ok
16:21:08.0579 4432	msvad_simple    (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
16:21:08.0581 4432	msvad_simple - ok
16:21:08.0636 4432	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:21:08.0638 4432	MTConfig - ok
16:21:08.0715 4432	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:21:08.0716 4432	Mup - ok
16:21:08.0782 4432	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:21:08.0787 4432	NativeWifiP - ok
16:21:08.0911 4432	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:21:08.0919 4432	NDIS - ok
16:21:09.0026 4432	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:21:09.0028 4432	NdisCap - ok
16:21:09.0069 4432	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:09.0071 4432	NdisTapi - ok
16:21:09.0173 4432	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:09.0175 4432	Ndisuio - ok
16:21:09.0214 4432	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:09.0217 4432	NdisWan - ok
16:21:09.0265 4432	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:21:09.0267 4432	NDProxy - ok
16:21:09.0376 4432	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:21:09.0378 4432	NetBIOS - ok
16:21:09.0424 4432	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:21:09.0429 4432	NetBT - ok
16:21:09.0578 4432	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:21:09.0580 4432	nfrd960 - ok
16:21:09.0608 4432	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:21:09.0610 4432	Npfs - ok
16:21:09.0630 4432	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:21:09.0631 4432	nsiproxy - ok
16:21:09.0686 4432	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:21:09.0696 4432	Ntfs - ok
16:21:09.0809 4432	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:21:09.0810 4432	Null - ok
16:21:09.0872 4432	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
16:21:09.0878 4432	NVENETFD - ok
16:21:09.0913 4432	NVHDA           (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
16:21:09.0916 4432	NVHDA - ok
16:21:10.0272 4432	nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:21:10.0509 4432	nvlddmkm - ok
16:21:10.0634 4432	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:21:10.0637 4432	nvraid - ok
16:21:10.0686 4432	nvrd64          (9340b273f9d2b4efdb94bdcd89550c1f) C:\Windows\system32\DRIVERS\nvrd64.sys
16:21:10.0689 4432	nvrd64 - ok
16:21:10.0805 4432	nvsmu           (f6c6d8298dd85507f680437ec2e6899c) C:\Windows\system32\DRIVERS\nvsmu.sys
16:21:10.0806 4432	nvsmu - ok
16:21:10.0837 4432	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:21:10.0840 4432	nvstor - ok
16:21:10.0875 4432	nvstor64        (3e92c341f7a5bb9245dec53ddee61a8d) C:\Windows\system32\DRIVERS\nvstor64.sys
16:21:10.0878 4432	nvstor64 - ok
16:21:11.0014 4432	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:21:11.0017 4432	nv_agp - ok
16:21:11.0054 4432	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:21:11.0056 4432	ohci1394 - ok
16:21:11.0103 4432	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:21:11.0106 4432	Parport - ok
16:21:11.0216 4432	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:21:11.0218 4432	partmgr - ok
16:21:11.0256 4432	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:21:11.0259 4432	pci - ok
16:21:11.0291 4432	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:21:11.0292 4432	pciide - ok
16:21:11.0399 4432	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:11.0404 4432	pcmcia - ok
16:21:11.0430 4432	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:21:11.0432 4432	pcw - ok
16:21:11.0466 4432	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:21:11.0475 4432	PEAUTH - ok
16:21:11.0633 4432	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:21:11.0635 4432	PptpMiniport - ok
16:21:11.0675 4432	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:21:11.0677 4432	Processor - ok
16:21:11.0803 4432	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:21:11.0806 4432	Psched - ok
16:21:11.0844 4432	PSDFilter       (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
16:21:11.0846 4432	PSDFilter - ok
16:21:11.0866 4432	PSDNServ        (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
16:21:11.0867 4432	PSDNServ - ok
16:21:11.0884 4432	psdvdisk        (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
16:21:11.0886 4432	psdvdisk - ok
16:21:12.0021 4432	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:21:12.0041 4432	ql2300 - ok
16:21:12.0152 4432	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:21:12.0155 4432	ql40xx - ok
16:21:12.0179 4432	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:21:12.0182 4432	QWAVEdrv - ok
16:21:12.0205 4432	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:21:12.0207 4432	RasAcd - ok
16:21:12.0322 4432	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:21:12.0324 4432	RasAgileVpn - ok
16:21:12.0372 4432	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:12.0375 4432	Rasl2tp - ok
16:21:12.0397 4432	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:12.0400 4432	RasPppoe - ok
16:21:12.0519 4432	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:21:12.0521 4432	RasSstp - ok
16:21:12.0562 4432	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:21:12.0567 4432	rdbss - ok
16:21:12.0591 4432	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:21:12.0593 4432	rdpbus - ok
16:21:12.0701 4432	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:12.0702 4432	RDPCDD - ok
16:21:12.0722 4432	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:21:12.0723 4432	RDPENCDD - ok
16:21:12.0749 4432	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:21:12.0750 4432	RDPREFMP - ok
16:21:12.0865 4432	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:21:12.0869 4432	RDPWD - ok
16:21:12.0927 4432	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:21:12.0931 4432	rdyboost - ok
16:21:13.0068 4432	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:21:13.0070 4432	rspndr - ok
16:21:13.0100 4432	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:21:13.0103 4432	sbp2port - ok
16:21:13.0144 4432	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:21:13.0147 4432	scfilter - ok
16:21:13.0268 4432	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:21:13.0270 4432	secdrv - ok
16:21:13.0321 4432	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:21:13.0322 4432	Serenum - ok
16:21:13.0460 4432	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:21:13.0463 4432	Serial - ok
16:21:13.0614 4432	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:21:13.0616 4432	sermouse - ok
16:21:13.0828 4432	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:21:13.0829 4432	sffdisk - ok
16:21:13.0859 4432	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:21:13.0861 4432	sffp_mmc - ok
16:21:13.0945 4432	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:21:13.0947 4432	sffp_sd - ok
16:21:13.0999 4432	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:21:14.0000 4432	sfloppy - ok
16:21:14.0105 4432	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:21:14.0107 4432	SiSRaid2 - ok
16:21:14.0158 4432	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:21:14.0161 4432	SiSRaid4 - ok
16:21:14.0258 4432	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:21:14.0261 4432	Smb - ok
16:21:14.0334 4432	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:21:14.0335 4432	spldr - ok
16:21:14.0396 4432	sptd            (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:21:14.0407 4432	sptd - ok
16:21:14.0504 4432	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:21:14.0511 4432	srv - ok
16:21:14.0534 4432	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:21:14.0540 4432	srv2 - ok
16:21:14.0560 4432	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:21:14.0564 4432	srvnet - ok
16:21:14.0690 4432	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:21:14.0692 4432	stexstor - ok
16:21:14.0739 4432	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:21:14.0741 4432	swenum - ok
16:21:14.0891 4432	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:21:14.0906 4432	Tcpip - ok
16:21:15.0049 4432	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:21:15.0063 4432	TCPIP6 - ok
16:21:15.0169 4432	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:21:15.0171 4432	tcpipreg - ok
16:21:15.0227 4432	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:21:15.0229 4432	TDPIPE - ok
16:21:15.0318 4432	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:21:15.0321 4432	TDTCP - ok
16:21:15.0369 4432	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:21:15.0372 4432	tdx - ok
16:21:15.0394 4432	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:21:15.0396 4432	TermDD - ok
16:21:15.0526 4432	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:15.0529 4432	tssecsrv - ok
16:21:15.0577 4432	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:21:15.0580 4432	TsUsbFlt - ok
16:21:15.0704 4432	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:21:15.0707 4432	tunnel - ok
16:21:15.0752 4432	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:21:15.0755 4432	uagp35 - ok
16:21:15.0804 4432	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:21:15.0810 4432	udfs - ok
16:21:15.0916 4432	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:21:15.0919 4432	uliagpkx - ok
16:21:15.0955 4432	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:21:15.0957 4432	umbus - ok
16:21:16.0002 4432	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:21:16.0004 4432	UmPass - ok
16:21:16.0143 4432	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:21:16.0146 4432	usbaudio - ok
16:21:16.0168 4432	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:16.0170 4432	usbccgp - ok
16:21:16.0282 4432	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:21:16.0286 4432	usbcir - ok
16:21:16.0320 4432	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:21:16.0322 4432	usbehci - ok
16:21:16.0435 4432	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:21:16.0441 4432	usbhub - ok
16:21:16.0459 4432	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:21:16.0461 4432	usbohci - ok
16:21:16.0498 4432	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:21:16.0500 4432	usbprint - ok
16:21:16.0596 4432	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:21:16.0598 4432	USBSTOR - ok
16:21:16.0614 4432	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:21:16.0616 4432	usbuhci - ok
16:21:16.0655 4432	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:21:16.0657 4432	vdrvroot - ok
16:21:16.0776 4432	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:16.0778 4432	vga - ok
16:21:16.0800 4432	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:21:16.0802 4432	VgaSave - ok
16:21:16.0830 4432	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:21:16.0835 4432	vhdmp - ok
16:21:16.0932 4432	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:21:16.0934 4432	viaide - ok
16:21:16.0953 4432	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:21:16.0955 4432	volmgr - ok
16:21:17.0002 4432	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:21:17.0008 4432	volmgrx - ok
16:21:17.0106 4432	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:21:17.0111 4432	volsnap - ok
16:21:17.0150 4432	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:21:17.0154 4432	vsmraid - ok
16:21:17.0176 4432	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:21:17.0178 4432	vwifibus - ok
16:21:17.0278 4432	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:21:17.0280 4432	WacomPen - ok
16:21:17.0338 4432	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:17.0341 4432	WANARP - ok
16:21:17.0346 4432	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:17.0348 4432	Wanarpv6 - ok
16:21:17.0484 4432	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:21:17.0486 4432	Wd - ok
16:21:17.0517 4432	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:21:17.0526 4432	Wdf01000 - ok
16:21:17.0678 4432	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:21:17.0680 4432	WfpLwf - ok
16:21:17.0697 4432	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:21:17.0699 4432	WIMMount - ok
16:21:17.0866 4432	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:21:17.0868 4432	WinUsb - ok
16:21:17.0924 4432	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:21:17.0925 4432	WmiAcpi - ok
16:21:18.0105 4432	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:21:18.0107 4432	ws2ifsl - ok
16:21:18.0159 4432	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:21:18.0162 4432	WudfPf - ok
16:21:18.0243 4432	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:18.0246 4432	WUDFRd - ok
16:21:18.0278 4432	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:21:18.0295 4432	\Device\Harddisk0\DR0 - ok
16:21:18.0299 4432	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:21:18.0305 4432	\Device\Harddisk1\DR1 - ok
16:21:18.0309 4432	Boot (0x1200)   (b48c8a973ba77e986549fd8996c2fcb9) \Device\Harddisk0\DR0\Partition0
16:21:18.0311 4432	\Device\Harddisk0\DR0\Partition0 - ok
16:21:18.0339 4432	Boot (0x1200)   (3629aa46a59987dcac559061f07d25a2) \Device\Harddisk0\DR0\Partition1
16:21:18.0340 4432	\Device\Harddisk0\DR0\Partition1 - ok
16:21:18.0344 4432	Boot (0x1200)   (8685f748630ad48137d1acec0bb7bcc0) \Device\Harddisk1\DR1\Partition0
16:21:18.0346 4432	\Device\Harddisk1\DR1\Partition0 - ok
16:21:18.0347 4432	============================================================
16:21:18.0347 4432	Scan finished
16:21:18.0347 4432	============================================================
16:21:18.0361 2684	Detected object count: 0
16:21:18.0361 2684	Actual detected object count: 0
16:22:12.0138 5044	Deinitialize success

4. aswMBR
Followed the instructions. The Fix button was NOT enabled. Log follows.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-03 16:23:30
-----------------------------
16:23:30.567    OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:30.567    Number of processors: 4 586 0xF0B
16:23:30.568    ComputerName: CHARLENE  UserName: Raven
16:23:31.389    Initialize success
16:23:31.704    AVAST engine defs: 11110300
16:24:14.536    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
16:24:14.540    Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 8
16:24:14.544    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000067
16:24:14.547    Disk 1 Vendor: ST2000DL CC32 Size: 1907729MB BusType: 8
16:24:16.565    Disk 0 MBR read successfully
16:24:16.568    Disk 0 MBR scan
16:24:16.574    Disk 0 Windows 7 default MBR code
16:24:16.578    Service scanning
16:24:17.810    Modules scanning
16:24:18.204    AVAST engine scan C:\Windows
16:24:21.446    AVAST engine scan C:\Windows\system32
16:25:40.485    AVAST engine scan C:\Windows\system32\drivers
16:25:48.251    AVAST engine scan C:\Users\Raven
16:28:43.479    AVAST engine scan C:\ProgramData
16:29:35.234    Scan finished successfully
16:31:25.362    Disk 0 MBR has been saved successfully to "D:\temp\MBR.dat"
16:31:25.367    The log file has been saved successfully to "D:\temp\aswMBR log.txt"

5. Command Prompt junk log
Followed the instructions. Log follows.


These Windows services are started:

   Application Experience
   avast! Antivirus
   Background Intelligent Transfer Service
   Base Filtering Engine
   CNG Key Isolation
   COM+ Event System
   Computer Browser
   Cryptographic Services
   Cyberlink RichVideo Service(CRVS)
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   eDataSecurity Service
   ePerformance Service
   eRecovery Service
   eSettings Service
   Function Discovery Provider Host
   Function Discovery Resource Publication
   Group Policy Client
   HomeGroup Listener
   HomeGroup Provider
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   LightScribeService Direct Disc Labeling Service
   MBAMService
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   NVIDIA Display Driver Service
   NVIDIA Stereoscopic 3D Driver Service
   NVIDIA Update Service Daemon
   Peer Name Resolution Protocol
   Peer Networking Grouping
   Peer Networking Identity Manager
   Plug and Play
   Portable Device Enumerator Service
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Secondary Logon
   Secure Socket Tunneling Protocol Service
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Themes
   UMVPFSrv
   UPnP Device Host
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Defender
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Live ID Sign-in Assistant
   Windows Management Instrumentation
   Windows Media Player Network Sharing Service
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   Workstation

The command completed successfully.

6. Process Explorer
Followed the instructions. Log follows.


Process	PID	CPU	Private Bytes	Working Set	Description	Company Name
System Idle Process	0	96.17	0 K	24 K		
audiodg.exe	1084	1.82	22,748 K	22,984 K	Windows Audio Device Graph Isolation 	Microsoft Corporation
procexp64.exe	4672	1.46	24,396 K	44,328 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com
Interrupts	n/a	0.17	0 K	0 K	Hardware Interrupts and DPCs	
System	4	0.08	204 K	1,112 K		
dwm.exe	3636	0.08	27,092 K	35,812 K	Desktop Window Manager	Microsoft Corporation
chrome.exe	4196	0.06	23,044 K	29,664 K	Google Chrome	Google Inc.
svchost.exe	1020	0.06	21,516 K	24,608 K	Host Process for Windows Services	Microsoft Corporation
explorer.exe	3692	0.03	39,156 K	74,080 K	Windows Explorer	Microsoft Corporation
csrss.exe	572	0.02	3,004 K	9,524 K	Client Server Runtime Process	Microsoft Corporation
svchost.exe	728	0.01	33,508 K	50,488 K	Host Process for Windows Services	Microsoft Corporation
chrome.exe	4108	0.01	41,696 K	57,312 K	Google Chrome	Google Inc.
svchost.exe	1396	0.01	18,592 K	19,560 K	Host Process for Windows Services	Microsoft Corporation
AvastSvc.exe	1476	< 0.01	31,916 K	28,192 K	avast! Service	AVAST Software
services.exe	616	< 0.01	5,856 K	10,212 K	Services and Controller app	Microsoft Corporation
svchost.exe	508	< 0.01	119,168 K	129,844 K	Host Process for Windows Services	Microsoft Corporation
daemonu.exe	3032	< 0.01	2,776 K	6,716 K	NVIDIA Settings Update Manager	NVIDIA Corporation
wmpnetwk.exe	2264	< 0.01	12,324 K	16,916 K	Windows Media Player Network Sharing Service	Microsoft Corporation
WLIDSVC.EXE	2280	< 0.01	8,412 K	16,576 K	Microsoft® Windows Live ID Service	Microsoft Corp.
svchost.exe	1228	< 0.01	10,576 K	18,216 K	Host Process for Windows Services	Microsoft Corporation
spoolsv.exe	2008	< 0.01	9,420 K	16,432 K	Spooler SubSystem App	Microsoft Corporation
MemCheck.exe	1616	< 0.01	29,880 K	8,448 K	MemCheck.Service	
chrome.exe	4092	< 0.01	41,848 K	63,004 K	Google Chrome	Google Inc.
chrome.exe	4484	< 0.01	9,808 K	19,908 K	Google Chrome	Google Inc.
nvvsvc.exe	1336	< 0.01	5,892 K	13,468 K	NVIDIA Driver Helper Service, Version 280.26	NVIDIA Corporation
eRecoveryService.exe	2364	< 0.01	26,964 K	21,128 K	eRecoveryService	Acer Inc.
capuserv.exe	2452	< 0.01	27,360 K	19,348 K	Service	
csrss.exe	488	< 0.01	2,380 K	4,824 K	Client Server Runtime Process	Microsoft Corporation
svchost.exe	764	< 0.01	74,700 K	33,304 K	Host Process for Windows Services	Microsoft Corporation
xnViewer.exe	3908		2,216 K	996 K		
XNeatWM.exe	3056		4,004 K	984 K	XNeat Windows Manager	
WUDFHost.exe	2900		3,032 K	7,540 K	Windows Driver Foundation - User-mode Driver Framework Host Process	Microsoft Corporation
WmiPrvSE.exe	4192		3,580 K	7,460 K	WMI Provider Host	Microsoft Corporation
WmiPrvSE.exe	3040		6,500 K	11,708 K	WMI Provider Host	Microsoft Corporation
WLIDSVCM.EXE	2388		2,224 K	4,368 K	Microsoft® Windows Live ID Service Monitor	Microsoft Corp.
winlogon.exe	696		3,960 K	8,484 K	Windows Logon Application	Microsoft Corporation
wininit.exe	548		2,412 K	5,704 K	Windows Start-Up Application	Microsoft Corporation
UMVPFSrv.exe	1028		1,552 K	4,572 K	Logitech User mode UMVPF service	Logitech Inc.
taskhost.exe	3512		12,316 K	16,036 K	Host Process for Windows Tasks	Microsoft Corporation
svchost.exe	1592		8,712 K	16,076 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	340		12,520 K	16,604 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	2044		27,920 K	29,488 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	772		5,300 K	11,092 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	932		5,560 K	9,752 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	2236		2,572 K	6,532 K	Host Process for Windows Services	Microsoft Corporation
svchost.exe	2956		3,520 K	7,484 K	Host Process for Windows Services	Microsoft Corporation
smss.exe	332		552 K	1,252 K	Windows Session Manager	Microsoft Corporation
SetPoint.exe	1188		7,644 K	18,128 K	Logitech SetPoint Event Manager (UNICODE)	Logitech, Inc.
rundll32.exe	1468		6,072 K	7,760 K	Windows host process (Rundll32)	Microsoft Corporation
RichVideo.exe	2200		1,640 K	4,760 K	RichVideo Module	
RAVCpl64.exe	3736		8,556 K	11,172 K	HD Audio Control Panel	Realtek Semiconductor
procexp.exe	3968		2,436 K	10,232 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com
nvxdsync.exe	1324		8,120 K	18,440 K	NVIDIA User Experience Driver Component	NVIDIA Corporation
nvvsvc.exe	872		3,560 K	8,632 K	NVIDIA Driver Helper Service, Version 280.26	NVIDIA Corporation
nvSCPAPISvr.exe	896		2,748 K	6,116 K	Stereo Vision Control Panel API Server	NVIDIA Corporation
nvraidservice.exe	4052		3,900 K	9,264 K	NVIDIA RAID Service English language	NVIDIA Corporation
notepad.exe	3432		11,544 K	27,152 K	Notepad	Microsoft Corporation
mbamservice.exe	2732		103,608 K	45,476 K	Malwarebytes' Anti-Malware	Malwarebytes Corporation
mbamgui.exe	4152		3,372 K	8,472 K	Malwarebytes' Anti-Malware	Malwarebytes Corporation
LSSrvc.exe	2124		1,572 K	4,472 K		Hewlett-Packard Company
lsm.exe	644		3,436 K	5,416 K	Local Session Manager Service	Microsoft Corporation
lsass.exe	636		5,696 K	13,452 K	Local Security Authority Process	Microsoft Corporation
KHALMNPR.exe	4064		7,552 K	14,140 K	Logitech KHAL Main Process	Logitech, Inc.
eDSService.exe	1304		2,020 K	5,376 K	Acer eDataSecurity Management Service	Egis Incorporated
eDSMSNLoader32.exe	2864		2,168 K	5,564 K	MSN Hook Loader (32 bit)	Egis inc.
eDSLoader.exe	4024		23,320 K	25,808 K	Acer eDataSecurity Management Loader	Egis Incorporated
dllhost.exe	4408		3,408 K	8,412 K	COM Surrogate	Microsoft Corporation
chrome.exe	2324		11,176 K	21,844 K	Google Chrome	Google Inc.
chrome.exe	3668		29,612 K	42,524 K	Google Chrome	Google Inc.

7. Event Viewer Tool
Followed the instructions. Two logs follow. First System, then Application.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/11/2011 6:41:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2011 12:34:22 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  sptd

Log: 'System' Date/Time: 04/11/2011 12:22:50 AM
Type: Error Category: 0
Event: 4 Source: sptd
Driver detected an internal error in its data structures for .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2011 12:34:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/11/2011 12:32:32 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:31:32 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:30:31 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:29:31 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:28:30 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:27:29 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:26:28 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 12:23:59 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 03/11/2011 10:45:50 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 03/11/2011 10:44:49 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 03/11/2011 10:43:48 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 03/11/2011 10:42:47 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/11/2011 6:42:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/11/2011 12:34:11 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I believe this is everything requested. Please let me know if I left anything out.

#4 RKinner (Malware Expert)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\Drivers\sptd.sys

Driver::
sptd


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

After you do that, clear the event logs as before and then reboot and run Vino's as before. (The System logs are all we need.)
sptd is not loading correctly, so let's get it out of the way and see if perhaps it is causing the other alarms. (It's part of Daemon Tools, so you will need to uninstall and reinstall it if you use it.)

These alarms:

Log: 'System' Date/Time: 04/11/2011 12:27:29 AM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.


are probably the real problem rather than malware. nvstor.sys is the NVIDIA® nForce™ SATA Performance Driver, a driver file from NVIDIA Corporation belonging to the product NVIDIA nForce™ SATA Driver. If removing the sptd driver doesn't help, then it is possibly a bad driver, but it could also be a bad drive cable or hard drive.
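The diagnostic step Ron takes above, reading the once-a-minute Event 129 drumbeat as a storage-path fault rather than malware, can be automated over a saved Vino's report. The script below is an added example for this page, not code posted in the thread or shipped with the tool. It parses the plain-text entry format Vino's writes, sorts the newest-first output into time order, measures the spacing between consecutive nvstor resets and pairs them with any Ntfs Event 57 logged at the same moment. The sample entries are constructed in that format with timestamps that mimic the cadence in the posted logs, and the 60-second expected period and 10-second tolerance are assumptions for the example, not documented values.

```python
"""Triage a Vino's Event Viewer 'System' dump for periodic storage-controller resets.
Added example, not code from the thread: separates a steady drumbeat of Event 129
(port driver reset) from one-off noise and pairs it with any Ntfs Event 57 nearby."""
import re
from datetime import datetime
from statistics import median

# Constructed sample in the tool's own entry format (newest first, dd/mm/yyyy dates).
# Timestamps mimic the once-a-minute cadence in the posted logs; not copied verbatim.
SAMPLE_LOG = r"""
Log: 'System' Date/Time: 04/11/2011 5:22:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name example.invalid timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:18:44 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:17:43 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:16:42 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.
"""

# One entry = four lines: Log/Date line, Type/Category line, Event/Source line, message.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\r?\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)\r?\n"
    r"Event: (?P<id>\d+) Source: (?P<src>\S+)\r?\n"
    r"(?P<msg>[^\r\n]*)"
)


def parse_events(text):
    """Return the entries as dicts, sorted oldest first (the tool prints newest first)."""
    events = [
        {
            "time": datetime.strptime(m.group("ts"), "%d/%m/%Y %I:%M:%S %p"),
            "id": int(m.group("id")),
            "source": m.group("src"),
            "message": m.group("msg").strip(),
        }
        for m in ENTRY_RE.finditer(text)
    ]
    events.sort(key=lambda e: e["time"])  # stable: same-second entries keep file order
    return events


def intervals_for(events, source, event_id):
    """Seconds between consecutive occurrences of one (source, event id) pair."""
    times = [e["time"] for e in events if e["source"] == source and e["id"] == event_id]
    return [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]


def triage(events, reset_source="nvstor", expected_period=60.0, tolerance=10.0):
    """Decide whether Event 129 resets fire on a fixed schedule and whether NTFS logged
    a failed flush at the moment of a reset. expected_period and tolerance are
    assumptions for this example: a near-constant gap is the signature of I/O requests
    timing out on the controller, which points at driver, cable or disk, not malware."""
    reset_times = [e["time"] for e in events if e["source"] == reset_source and e["id"] == 129]
    gaps = intervals_for(events, reset_source, 129)
    med = median(gaps) if gaps else None
    periodic = med is not None and len(gaps) >= 3 and abs(med - expected_period) <= tolerance
    ntfs_failures = [
        e for e in events
        if e["source"] == "Ntfs" and e["id"] == 57
        and any(abs((e["time"] - t).total_seconds()) <= tolerance for t in reset_times)
    ]
    return {
        "reset_count": len(reset_times),
        "median_gap_s": med,
        "periodic": periodic,
        "ntfs_flush_failures": len(ntfs_failures),
        "verdict": "storage path (driver, cable or disk)" if periodic else "inconclusive",
    }


if __name__ == "__main__":
    for key, value in triage(parse_events(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a real report by reading the saved text file into `parse_events` instead of `SAMPLE_LOG`; a handful of resets spaced a minute apart with an Ntfs 57 riding on one of them is the pattern to treat as hardware or driver before spending more time on malware scans.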

#5 LittleRaven (Topic Starter)
Alrighty, I followed your instructions as best I could, but my system keeps freezing. I dragged CFScript.txt over to Combofix and it did run, but after it deleted c:\windows\System32\Drivers\sptd.sys like it was supposed to, the program froze and didn't give a log. At least I assume it deleted the file, I'm not even 100% certain it did. It claimed it did, but it froze at that point so perhaps it failed to delete it. I just ran a search for sptd.sys and came up with this:

Path: Qoobox\Quarantine\C\Windows\System32\Drivers
Name: sptd.sys.vir

I don't know if that helps but there it is. I don't use Daemon Tools, and there isn't an entry for it in "Programs and Features" which leads me to believe I've uninstalled it already. Perhaps it wasn't a clean uninstall though.

I then cleared event logs and attempted to reboot, however my system will not reboot cleanly. It freezes at the Shutting Down screen and I have to turn off the machine via the button, otherwise it will just sit and do nothing forever (I have let it sit for hours just in case, but nothing happens). I haven't been able to reboot normally in days. After I booted back up, I ran Vino's. Log follows.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/11/2011 11:23:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2011 5:22:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.wowhead.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/11/2011 5:05:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 5:04:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 5:03:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 5:02:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 5:01:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 5:00:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:59:34 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:58:34 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:27:49 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:26:48 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:25:47 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:24:46 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:23:45 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:18:44 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:17:43 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:16:42 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:15:41 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.


#6 RKinner (Malware Expert)
The file is gone so CF did what it was supposed to. Unfortunately as you can see by the event logs the error:

Log: 'System' Date/Time: 04/11/2011 5:05:35 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \Device\RaidPort0, was issued.

is still with us so we either have a driver problem or a hardware issue. What make and model PC is this?

Ron
  • 0

#7
LittleRaven

    Member

  • Topic Starter
  • Member
  • 28 posts
It's an Acer Aspire AM5641-E5610A, Q6600 Intel Core 2 Quad Processor with 4gb DDR2 memory.

I think it might be a driver issue. This only started happening recently, and I may have updated those drivers recently as well. I hope it's a driver issue anyway, I can't afford yet another new hard drive.
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Go to the Acer support site:

http://us.acer.com/a...content/drivers

Select Desktop, Aspire, M5641, Win 7 -64 and you should see the NVIDIA Chipset Driver (Package 15.45). Enormous thing, over 200 MB. Download it, save it and install it and see if it helps.

Ron
  • 0

#9
LittleRaven

    Member

  • Topic Starter
  • Member
  • 28 posts
I downloaded and installed the chipset, and I already see a major improvement. My computer actually reset without an issue for the first time in days, and it booted up with no trouble and much faster than usual. Also, I just moved a folder of data from c: to e: as a small test with no trouble.

I think that might have done the trick! Thank you so much!

Is there anything else I should do?
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Clear the event logs as before, then reboot and run Vino's as before. (The System logs are all we need.) Let's see if it is gone.

Ron
  • 0

#11
LittleRaven

    Member

  • Topic Starter
  • Member
  • 28 posts
Looks like that did it alright!


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/11/2011 2:03:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Guess we are done.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at startup and manually run it once a week instead.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#13
LittleRaven

    Member

  • Topic Starter
  • Member
  • 28 posts
Excellent, thank you so much Ron! I saved your last post as a text file just in case, and am currently updating everything via FileHippo's update check. I can use some of this information on my wife's computer as well, which is even more out of date than mine is. I really, really appreciate all your help. You are a life saver! If you're ever in Calgary, drinks are on me!
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
You never know. We might make it up there one day. Think we will wait until summer tho.

Ron
  • 0

#15
LittleRaven

    Member

  • Topic Starter
  • Member
  • 28 posts
It would seem the problem isn't entirely fixed after all. Now I have a new symptom. The computer seems to freeze at random for 10-15 seconds, once a minute or so. I discovered it in the Windows System logs. "Reset to device, \Device\RaidPort0, was issued." Every time my computer freezes, it generates that warning in the log. I already have dozens of them. I used to have this problem in the past, but it went away for almost a year. Now it's back again.

Also, Windows Explorer just crashed again so I'm going to have to reboot the hard way.

Back to the drawing board I guess.
  • 0
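As an added example that is not from this thread or from Vino's Event Viewer itself: a small Python parser for the report layout quoted above that counts each source/event pair and measures the gap between successive nvstor Event 129 resets, which is the check Ron asks for (clear the logs, reboot, see whether the warning recurs). The sample report is constructed from lines shown in the thread; the function names are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the Vino's Event Viewer layout quoted in this thread
# (the report header says dates are dd/mm/yyyy, so this is 4 Nov 2011).
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 04/11/2011 4:19:45 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \\Device\\RaidPort0, was issued.

Log: 'System' Date/Time: 04/11/2011 4:18:44 PM
Type: Warning Category: 0
Event: 129 Source: nvstor
Reset to device, \\Device\\RaidPort0, was issued.
"""

ENTRY_RE = re.compile(  # one entry: Log/Date line, Type line, Event/Source line, message
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d\d/\d\d/\d{4} \d{1,2}:\d\d:\d\d [AP]M)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>\S+)\n"
    r"(?P<message>[^\n]*)")

def parse_report(text):
    """Parse a Vino's report into dicts; 'when' becomes a datetime, 'event' an int."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        d = m.groupdict()
        d["when"] = datetime.strptime(d["when"], "%d/%m/%Y %I:%M:%S %p")
        d["event"] = int(d["event"])
        entries.append(d)
    return entries

def count_events(entries):
    """How many times each (source, event id) pair appears, e.g. ('nvstor', 129)."""
    return Counter((e["source"], e["event"]) for e in entries)

def reset_intervals(entries, source="nvstor", event=129):
    """Seconds between consecutive 'Reset to device' warnings, oldest first.
    A steady gap of about 60 s matches the once-a-minute freezes described above."""
    times = sorted(e["when"] for e in entries if e["source"] == source and e["event"] == event)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
```

A zero count for ('nvstor', 129) after the reboot is the "it is gone" result Ron is looking for; an Ntfs Event 57 in the same minute as a reset is the sign that the stalled I/O is starting to affect the file system.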
