Program Files Disappeared / No Outlook



#1
brandonlile
New Member, 6 posts
So my mother contacted me and alerted me to the fact that her computer is missing Outlook and that Avast moved it to the chest. Since visiting from college I have found several other symptoms. All the program files in the start menu are missing; however, all the program files are still there. I've seen this on a previously infected computer, but I forgot how to fix it. I ran Malwarebytes and it found nothing. I then proceeded to restart the computer in safe mode and ran ComboFix. I will post the result here:

ComboFix 11-11-05.03 - Mom 11/05/2011  18:11:40.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1983.1577 [GMT -5:00]
Running from: C:\Users\Mom\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point


(((((((((((((((((((((((((   Files Created from 2011-10-05 to 2011-11-05  )))))))))))))))))))))))))))))))


2011-11-05 23:16:24 . 2011-11-05 23:16:24	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2011-11-05 22:22:35 . 2011-11-05 22:22:35	56200	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\offreg.dll
2011-11-05 22:09:18 . 2011-11-05 22:09:18	--------	d-----w-	C:\Users\Mom\AppData\Roaming\Malwarebytes
2011-11-05 22:09:04 . 2011-11-05 22:09:04	--------	d-----w-	C:\ProgramData\Malwarebytes
2011-11-05 22:09:01 . 2011-11-05 22:09:07	--------	d-----w-	C:\Program Files\Malwarebytes' Anti-Malware
2011-11-05 22:09:01 . 2011-08-31 22:00:50	22216	----a-w-	C:\Windows\system32\drivers\mbam.sys
2011-11-04 23:07:13 . 2011-10-18 07:28:06	6668624	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\mpengine.dll
2011-11-03 22:56:38 . 2011-11-03 22:56:38	--------	d-----w-	C:\Users\Default\AppData\Local\Microsoft Help
2011-11-02 22:38:33 . 2011-11-04 11:55:11	--------	d-----w-	C:\Program Files\Microsoft Works
2011-11-02 22:36:39 . 2008-10-08 12:55:08	463152	----a-r-	C:\Users\Mom\setup.exe
2011-11-02 21:40:30 . 2011-11-02 21:40:53	--------	d-----w-	C:\ProgramData\NVIDIA
2011-11-02 21:38:48 . 2011-11-02 21:38:49	--------	d-----w-	C:\Windows\system32\EventProviders
2011-11-02 21:38:13 . 2009-03-06 16:52:00	797216	----a-w-	C:\Windows\system32\nvcplui.exe
2011-11-02 21:38:13 . 2009-03-06 16:52:00	420384	----a-w-	C:\Windows\system32\nvcpl.cpl
2011-11-02 21:38:13 . 2009-03-06 16:52:00	1108512	----a-w-	C:\Windows\system32\nvcpluir.dll
2011-11-02 21:38:12 . 2009-03-06 16:52:00	453152	----a-w-	C:\Windows\system32\nvuninst.exe
2011-11-02 21:17:48 . 2011-11-02 21:17:48	--------	d-----w-	C:\found.001
2011-10-26 01:02:49 . 2011-10-26 01:02:49	--------	d-----w-	C:\found.000
2011-10-26 00:04:42 . 2011-08-15 04:25:59	6144	----a-w-	C:\Program Files\Internet Explorer\iecompat.dll
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-06 20:45:29 . 2011-09-04 22:55:53	199304	----a-w-	C:\Windows\system32\aswBoot.exe
2011-09-06 20:45:29 . 2011-06-17 15:54:17	41184	----a-w-	C:\Windows\avastSS.scr
2011-09-06 20:38:05 . 2011-09-04 22:56:17	442200	----a-w-	C:\Windows\system32\drivers\aswSnx.sys
2011-09-06 20:37:53 . 2011-09-04 22:56:23	320856	----a-w-	C:\Windows\system32\drivers\aswSP.sys
2011-09-06 20:36:38 . 2011-09-04 22:56:20	34392	----a-w-	C:\Windows\system32\drivers\aswRdr.sys
2011-09-06 20:36:36 . 2011-09-04 22:56:19	52568	----a-w-	C:\Windows\system32\drivers\aswTdi.sys
2011-09-06 20:36:26 . 2011-09-04 22:56:15	54616	----a-w-	C:\Windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36:12 . 2011-09-04 22:56:23	20568	----a-w-	C:\Windows\system32\drivers\aswFsBlk.sys
2011-10-01 16:49:16 . 2011-06-16 05:09:37	134104	----a-w-	C:\Program Files\mozilla firefox\components\browsercomps.dll
2011-06-17 16:02:34	8192	--sha-w-	C:\Windows\System32\srvany.exe


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2011-08-01 03:12:46 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\user32.dll
[7] 2010-11-20 12:21:33 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45:22	122512	----a-w-	C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 17:55:28 937920]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 19:54:26 91520]
"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 15:12:12 976320]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-09-06 20:45:30 3722416]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-03-06 16:52:00 13605408]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-03-06 16:52:00 92704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 17:55:28 64952]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 20:36:26 54616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 16:15:00 31125880]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:37:50 4640000]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 22:13:45 207360]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 22:13:46 980992]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 22:13:45 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-21 11:36:03 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:18:07 17920]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]



------- Supplementary Scan -------

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.30
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\f1damigj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0




#2
RKinner
Malware Expert, 24,625 posts, MVP
There is one type of malware that likes to remove the links and hide them in %Temp%\smtmp which I expect would be C:\Users\Mom\AppData\Local\temp\smtp on your mom's PC.

Unfortunately when you start trying to get rid of this on your own the tendency is to clear the temp files so that the folder is lost.

Combofix is also aware of the bug so it should fix it for you if the folder exists. It's a hidden system file so first:
Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

See if you can find the smtmp folder. If you do, copy it to your desktop so it will be safe (don't move it).

You can try unhide.exe which I think will automatically fix it for you.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe

We really need to see your OTL log to know what's going on.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Also you only posted part of the Combofix log. The bottom of it was missing.

Also run the following:

First fix Avast so it won't interfere:


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Ron
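
The folder check described in the post above, scripted as an added example (not part of the thread and not any poster's own instructions). It looks for an smtmp folder under the temp directories, reports what it holds, and copies it to the desktop without moving it. The destination name `smtmp-copy-...` and the default `AppData\Local\Temp` profile layout are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Finds an smtmp folder under the temp directories and COPIES it to the
# desktop; the original is left in place.

# Candidate temp directories: the current %TEMP%, the Windows temp folder,
# and each profile's default temp folder (assumed layout: AppData\Local\Temp).
$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$tempDirs  = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))
$tempDirs += Get-ChildItem -LiteralPath $profilesRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
$tempDirs = $tempDirs | Where-Object { $_ } | Sort-Object -Unique

$desktop = [Environment]::GetFolderPath('Desktop')
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$found   = 0

foreach ($dir in $tempDirs) {
    $src = Join-Path $dir 'smtmp'
    if (-not (Test-Path -LiteralPath $src -PathType Container -ErrorAction SilentlyContinue)) {
        continue
    }

    # -Force is needed throughout: hidden and system items are skipped without it,
    # which is the same reason Explorer does not show the folder by default.
    $folder = Get-Item -LiteralPath $src -Force
    $files  = @(Get-ChildItem -LiteralPath $src -Recurse -Force |
                Where-Object { -not $_.PSIsContainer })
    "Found {0} (attributes: {1}; {2} files)" -f $folder.FullName, $folder.Attributes, $files.Count

    # Copy to a new, uniquely named folder so nothing on the desktop is overwritten.
    $found++
    $dest = Join-Path $desktop ("smtmp-copy-{0}-{1}" -f $stamp, $found)
    Copy-Item -LiteralPath $src -Destination $dest -Recurse -Force

    # Confirm the copy is complete before anything cleans the temp directory.
    $copied = @(Get-ChildItem -LiteralPath $dest -Recurse -Force |
                Where-Object { -not $_.PSIsContainer })
    if ($copied.Count -eq $files.Count) {
        "Copied to {0} ({1} files)" -f $dest, $copied.Count
    } else {
        "WARNING: copy at {0} has {1} of {2} files" -f $dest, $copied.Count, $files.Count
    }
}

if ($found -eq 0) {
    "No smtmp folder found under:"
    $tempDirs
}
```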

#3
brandonlile
New Member, Topic Starter, 6 posts
So I looked for the hidden folder but was unable to find it. So I'm not sure what my next step with that should be (if anything). And here are the OTL logs:
OTL logfile created on: 11/6/2011 10:20:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mom\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.15% Memory free
3.87 Gb Paging File | 2.63 Gb Available in Paging File | 67.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 72.45 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 63.17 Gb Free Space | 84.76% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.79 Gb Free Space | 21.23% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/11/06 10:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2011/10/01 10:49:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 14:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/10/01 10:49:16 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/16 13:08:34 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/28 21:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/21 05:36:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/09/06 14:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 14:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 14:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 14:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 14:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 14:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/26 18:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 39 93 2F E3 2B CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/02 15:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/06/15 23:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/06/15 23:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/02 15:25:25 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/01 10:49:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7F9BA32-40A5-409B-B8F1-8F58BFE89328}: DhcpNameServer = 192.168.10.30
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/11/06 10:26:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Mom\Desktop\aswMBR.exe
[2011/11/06 10:25:24 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\tdsskiller.exe
[2011/11/06 10:18:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2011/11/05 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/05 17:17:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/05 17:10:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/05 17:10:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/05 17:10:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/05 17:10:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/05 17:10:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 17:10:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/05 16:09:18 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Malwarebytes
[2011/11/05 16:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/05 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/05 16:09:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/05 16:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/02 16:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/02 16:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/11/02 16:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/11/02 16:36:39 | 000,463,152 | R--- | C] (Microsoft Corporation) -- C:\Users\Mom\setup.exe
[2011/11/02 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/02 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/02 15:38:13 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2011/11/02 15:38:13 | 000,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2011/11/02 15:38:13 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2011/11/02 15:38:12 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2011/11/02 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft
[2011/11/02 15:17:48 | 000,000,000 | ---D | C] -- C:\found.001
[2011/10/25 19:02:49 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/13 17:45:33 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 17:45:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 17:45:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/13 17:45:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 17:45:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 17:45:30 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 17:45:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/13 17:45:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/13 17:45:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/13 17:45:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/13 17:45:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/13 17:45:20 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 17:45:20 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/13 17:45:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 17:45:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/13 17:45:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/13 17:45:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/11/06 10:26:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Mom\Desktop\aswMBR.exe
[2011/11/06 10:25:33 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\tdsskiller.exe
[2011/11/06 10:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2011/11/06 10:15:41 | 000,684,297 | ---- | M] () -- C:\Users\Mom\Desktop\unhide.exe
[2011/11/06 10:13:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/05 17:27:44 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/05 17:27:44 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/05 17:22:56 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/05 16:16:53 | 000,009,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/05 16:16:52 | 000,009,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/05 16:09:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 18:11:34 | 000,400,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/02 15:58:45 | 000,000,993 | ---- | M] () -- C:\Users\Mom\Desktop\connorgay - Shortcut.lnk
[2011/11/02 15:25:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/11/06 10:15:32 | 000,684,297 | ---- | C] () -- C:\Users\Mom\Desktop\unhide.exe
[2011/11/05 17:10:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/05 17:10:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/05 17:10:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/05 17:10:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/05 17:10:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 16:09:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 15:58:45 | 000,000,993 | ---- | C] () -- C:\Users\Mom\Desktop\connorgay - Shortcut.lnk
[2011/09/04 16:31:48 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/09/04 16:31:48 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/09/04 16:31:48 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/09/04 16:31:48 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/09/04 16:31:48 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/09/04 16:31:48 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/09/04 16:31:48 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/09/04 16:31:48 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/09/04 16:31:48 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/09/04 16:31:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/09/04 16:31:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/09/04 16:31:48 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/09/04 16:31:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/09/04 16:31:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/09/04 16:31:48 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/09/04 16:31:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/09/04 16:29:19 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/06/17 10:03:19 | 000,008,192 | -HS- | C] () -- C:\Windows\System32\srvany.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,400,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

< End of report >

The Extras:
OTL Extras logfile created on: 11/6/2011 10:43:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mom\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.15% Memory free
3.87 Gb Paging File | 2.63 Gb Available in Paging File | 67.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 72.45 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 63.17 Gb Free Space | 84.76% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.79 Gb Free Space | 21.23% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = 
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OUTLOOKSTD" = Microsoft Office Outlook 2007
"WinRAR 4.01" = WinRAR 4.01
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 11/4/2011 1:23:45 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 11/4/2011 7:25:14 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 11/4/2011 8:25:14 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 11/5/2011 7:32:21 AM | Computer Name = Mom-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11/5/2011 7:58:30 AM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 11/5/2011 6:20:22 PM | Computer Name = Mom-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = VSS | ID = 18
Description = 
 
Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = VSS | ID = 8193
Description = 
 
Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11/5/2011 7:23:11 PM | Computer Name = Mom-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 11/5/2011 7:17:09 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/5/2011 7:17:09 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/5/2011 7:17:47 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1068
 
Error - 11/5/2011 7:18:00 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11/5/2011 7:18:00 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11/5/2011 7:23:26 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred.    Reported by component: Processor
 Core  Error Source: 3  Error Type: 256  Processor ID: 1    The details view of this entry
 contains further information.
 
Error - 11/5/2011 7:23:26 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred.    Reported by component: Processor
 Core  Error Source: 3  Error Type: 6  Processor ID: 1    The details view of this entry contains
 further information.
 
Error - 11/5/2011 7:24:33 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 11/5/2011 10:00:13 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.
 
Error - 11/6/2011 12:22:22 AM | Computer Name = Mom-PC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
 
< End of report >

I re-ran the ComboFix scan and got:
ComboFix 11-11-06.02 - Mom 11/06/2011  10:55:12.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1983.1225 [GMT -6:00]
Running from: c:\users\Mom\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-06 to 2011-11-06  )))))))))))))))))))))))))))))))
.
.
2011-11-06 17:01 . 2011-11-06 17:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-05 23:25 . 2011-11-05 23:25	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\offreg.dll
2011-11-05 22:09 . 2011-11-05 22:09	--------	d-----w-	c:\users\Mom\AppData\Roaming\Malwarebytes
2011-11-05 22:09 . 2011-11-05 22:09	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-05 22:09 . 2011-11-05 22:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-05 22:09 . 2011-08-31 22:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-04 23:07 . 2011-10-18 07:28	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\mpengine.dll
2011-11-03 22:56 . 2011-11-03 22:56	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-11-02 22:38 . 2011-11-04 11:55	--------	d-----w-	c:\program files\Microsoft Works
2011-11-02 22:36 . 2008-10-08 12:55	463152	----a-r-	c:\users\Mom\setup.exe
2011-11-02 21:40 . 2011-11-02 21:40	--------	d-----w-	c:\programdata\NVIDIA
2011-11-02 21:38 . 2011-11-02 21:38	--------	d-----w-	c:\windows\system32\EventProviders
2011-11-02 21:38 . 2009-03-06 16:52	797216	----a-w-	c:\windows\system32\nvcplui.exe
2011-11-02 21:38 . 2009-03-06 16:52	420384	----a-w-	c:\windows\system32\nvcpl.cpl
2011-11-02 21:38 . 2009-03-06 16:52	1108512	----a-w-	c:\windows\system32\nvcpluir.dll
2011-11-02 21:38 . 2009-03-06 16:52	453152	----a-w-	c:\windows\system32\nvuninst.exe
2011-11-02 21:17 . 2011-11-02 21:17	--------	d-----w-	C:\found.001
2011-10-26 01:02 . 2011-10-26 01:02	--------	d-----w-	C:\found.000
2011-10-26 00:04 . 2011-08-15 04:25	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2011-09-04 22:55	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-09-06 20:45 . 2011-06-17 15:54	41184	----a-w-	c:\windows\avastSS.scr
2011-09-06 20:38 . 2011-09-04 22:56	442200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-09-04 22:56	320856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-09-04 22:56	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-09-04 22:56	52568	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-09-04 22:56	54616	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-09-04 22:56	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-10-01 16:49 . 2011-06-16 05:09	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-17 16:02	8192	--sha-w-	c:\windows\System32\srvany.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-01 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-21 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.30
FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\f1damigj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06  11:03:27
ComboFix-quarantined-files.txt  2011-11-06 17:03
.
Pre-Run: 78,004,531,200 bytes free
Post-Run: 77,822,709,760 bytes free
.
- - End Of File - - CB8F95DB1459CDA9A6D997EF49DB402B

No malicious items were found with MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8093

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/6/2011 11:10:25 AM
mbam-log-2011-11-06 (11-10-25).txt

Scan type: Quick scan
Objects scanned: 157827
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSSKiller found nothing:
11:47:17.0188 1736	TDSS rootkit removing tool 2.6.15.0 Nov  3 2011 17:15:49
11:47:17.0594 1736	============================================================
11:47:17.0594 1736	Current date / time: 2011/11/06 11:47:17.0594
11:47:17.0594 1736	SystemInfo:
11:47:17.0594 1736	
11:47:17.0594 1736	OS Version: 6.1.7600 ServicePack: 0.0
11:47:17.0594 1736	Product type: Workstation
11:47:17.0594 1736	ComputerName: MOM-PC
11:47:17.0594 1736	UserName: Mom
11:47:17.0594 1736	Windows directory: C:\Windows
11:47:17.0594 1736	System windows directory: C:\Windows
11:47:17.0594 1736	Processor architecture: Intel x86
11:47:17.0594 1736	Number of processors: 2
11:47:17.0594 1736	Page size: 0x1000
11:47:17.0594 1736	Boot type: Normal boot
11:47:17.0595 1736	============================================================
11:47:20.0063 1736	Initialize success
11:47:37.0866 2780	============================================================
11:47:37.0866 2780	Scan started
11:47:37.0866 2780	Mode: Manual; 
11:47:37.0866 2780	============================================================
11:47:49.0050 2780	volsnap - ok
11:47:49.0079 2780	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:47:49.0083 2780	vsmraid - ok
11:47:49.0105 2780	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:47:49.0109 2780	vwifibus - ok
11:47:49.0146 2780	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:47:49.0149 2780	vwififlt - ok
11:47:49.0175 2780	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:47:49.0178 2780	WacomPen - ok
11:47:49.0215 2780	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:49.0219 2780	WANARP - ok
11:47:49.0224 2780	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:49.0227 2780	Wanarpv6 - ok
11:47:49.0277 2780	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:47:49.0280 2780	Wd - ok
11:47:49.0310 2780	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:47:49.0320 2780	Wdf01000 - ok
11:47:49.0394 2780	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:47:49.0397 2780	WfpLwf - ok
11:47:49.0417 2780	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:47:49.0420 2780	WIMMount - ok
11:47:49.0493 2780	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:47:49.0496 2780	WmiAcpi - ok
11:47:49.0538 2780	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:47:49.0541 2780	ws2ifsl - ok
11:47:49.0590 2780	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:47:49.0593 2780	WSDPrintDevice - ok
11:47:49.0628 2780	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
11:47:49.0632 2780	WudfPf - ok
11:47:49.0686 2780	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:47:49.0695 2780	WUDFRd - ok
11:47:49.0774 2780	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:47:49.0780 2780	\Device\Harddisk1\DR1 - ok
11:47:49.0787 2780	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:47:49.0793 2780	\Device\Harddisk0\DR0 - ok
11:47:49.0798 2780	Boot (0x1200)   (82d653d9529b0c08bae2d4a41c27da9e) \Device\Harddisk1\DR1\Partition0
11:47:49.0800 2780	\Device\Harddisk1\DR1\Partition0 - ok
11:47:49.0831 2780	Boot (0x1200)   (c4e277d4370c6295b4e5b070568de19f) \Device\Harddisk1\DR1\Partition1
11:47:49.0833 2780	\Device\Harddisk1\DR1\Partition1 - ok
11:47:49.0838 2780	Boot (0x1200)   (87d0eb966d52ab9451d3bbdb57214a1f) \Device\Harddisk0\DR0\Partition0
11:47:49.0839 2780	\Device\Harddisk0\DR0\Partition0 - ok
11:47:49.0842 2780	============================================================
11:47:49.0842 2780	Scan finished
11:47:49.0842 2780	============================================================
11:47:49.0860 4088	Detected object count: 0
11:47:49.0860 4088	Actual detected object count: 0
11:47:59.0745 3840	Deinitialize success

And as far as aswMBR goes, only the fixMBR button was enabled:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 11:48:53
-----------------------------
11:48:53.818    OS Version: Windows 6.1.7600 
11:48:53.819    Number of processors: 2 586 0x6801
11:48:53.821    ComputerName: MOM-PC  UserName: Mom
11:48:55.514    Initialize success
11:48:56.055    AVAST engine defs: 11110601
11:49:01.403    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
11:49:01.411    Disk 0 Vendor: WDC_WD800BEVS-60RST0 04.01G04 Size: 76319MB BusType: 3
11:49:01.426    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
11:49:01.437    Disk 1 Vendor: SAMSUNG_HM121HI LZ100-10 Size: 114473MB BusType: 3
11:49:03.466    Disk 1 MBR read successfully
11:49:03.477    Disk 1 MBR scan
11:49:03.536    Disk 1 Windows 7 default MBR code
11:49:03.548    Disk 1 scanning sectors +234436545
11:49:03.625    Disk 1 scanning C:\Windows\system32\drivers
11:49:17.610    Service scanning
11:49:24.250    Modules scanning
11:49:32.031    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
11:49:33.941    Disk 1 trace - called modules:
11:49:34.361    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
11:49:34.386    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x855ee950]
11:49:34.401    3 CLASSPNP.SYS[8899459e] -> nt!IofCallDriver -> [0x85520918]
11:49:34.412    5 ACPI.sys[884133b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8550c030]
11:49:34.997    AVAST engine scan C:\Windows
11:49:37.416    AVAST engine scan C:\Windows\system32
11:51:21.183    AVAST engine scan C:\Windows\system32\drivers
11:51:31.749    AVAST engine scan C:\Users\Mom
11:52:34.485    AVAST engine scan C:\ProgramData
11:52:52.271    Scan finished successfully
11:53:38.007    Disk 1 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
11:53:38.018    The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Both combofix and aswmbr are flagging c:\windows\System32\user32.dll

Let's take a closer look at it:

Copy the text in the code box by highlighting and Ctrl + c


/md5start
user32.dll
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered, it shouldn't need to reboot. You should only get one log. Copy and Paste it into a reply.

Your event logs are saying that Windows is not happy. It claims it is not activated and also it is showing some ugly hardware errors. Run the built-in memory check:

To run the Memory Diagnostics Tool manually

If the Windows Memory Diagnostics tool doesn't run automatically, you can run it manually.

Open Memory Diagnostics Tool by clicking the Start button, and then clicking Control Panel. In the search box, type Memory, and then click Diagnose your computer's memory problems. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Choose when to run the tool.

I expect it will want to reboot in order to run the test. If it passes the memory test then:


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Then check to see if Win 7 is activated.
http://windows.micro...-7-is-activated
if not go through the process here:
http://windows.micro...n-this-computer

Ron
  • 0
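
Added example, not part of any post in this thread: a small Python triage pass over the two log formats posted above, which reports every TDSSKiller verdict other than `ok` and every aswMBR line carrying a `**FLAG**` marker. The regular expressions are inferred only from the lines visible in this thread, and the function and pattern names are made up for the example.

```python
import re

# Lines copied from the TDSSKiller and aswMBR logs posted in this thread
# (whitespace normalised to spaces).
SAMPLE_LOG = r"""
11:47:49.0780 2780  \Device\Harddisk1\DR1 - ok
11:47:49.0833 2780  \Device\Harddisk1\DR1\Partition1 - ok
11:47:49.0860 4088  Detected object count: 0
11:49:03.536    Disk 1 Windows 7 default MBR code
11:49:32.031    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
11:52:52.271    Scan finished successfully
"""

# TDSSKiller verdict line: "HH:MM:SS.ffff <thread id> <object> - <verdict>"
TDSS_VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<obj>.+?) - (?P<verdict>\w+)$")
TDSS_COUNT = re.compile(r"Detected object count: (\d+)")
# aswMBR flagged line: "HH:MM:SS.fff <kind>: <object>  **FLAG**"
ASW_FLAG = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+\w+: (?P<obj>.+?)\s+\*\*(?P<flag>[A-Z]+)\*\*$")


def triage(log_text):
    """Return (findings, detected_count) for TDSSKiller/aswMBR-style logs.

    findings is a list of (tool, object, verdict) tuples; detected_count is
    TDSSKiller's own summary figure, or None if the log has no such line.
    """
    findings, count = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := TDSS_VERDICT.match(line):
            # Anything other than "ok" is worth a human look.
            if m["verdict"].lower() != "ok":
                findings.append(("TDSSKiller", m["obj"], m["verdict"]))
        elif m := ASW_FLAG.match(line):
            findings.append(("aswMBR", m["obj"], m["flag"]))
        elif m := TDSS_COUNT.search(line):
            count = int(m[1])
    return findings, count


if __name__ == "__main__":
    findings, count = triage(SAMPLE_LOG)
    print("TDSSKiller detected objects:", count)
    for tool, obj, verdict in findings:
        print(f"{tool}: {obj} -> {verdict}")
```

On the sample it reports a TDSSKiller count of 0 alongside the single aswMBR flag on user32.dll, which is the disagreement between tools that the reply above follows up with a hash check.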

#5
brandonlile

    New Member

  • Topic Starter
  • Member
  • 6 posts
Quick question. Since all my start menu items are gone, the administrative event viewer is no longer there. What do you suggest I do, since when I click manage I get that error?
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Can you skip to the bottom and do the part that starts with:


Then check to see if Win 7 is activated.

When the timer runs down on Windows activation it pretty much limits windows to basic things. Might be what has happened here.
  • 0

#7
brandonlile

    New Member

  • Topic Starter
  • Member
  • 6 posts
Ok, after doing that step it turns out there wasn't even an activation section in the properties of the computer... Which is very strange, because I confirmed that I was doing the right thing by performing the same action on my laptop. In order to activate it says I need a key, and the person that she bought the computer from did not provide any sort of recovery disc etc...

So basically what I'm understanding now is that the person who sold it to us needs to provide us with the key for windows?
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Usually the key is on a sticker on the PC somewhere if it came from the factory with Windows installed. How long have you had this PC?
  • 0

#9
brandonlile

    New Member

  • Topic Starter
  • Member
  • 6 posts
Beginning of the summer maybe
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you can get Speccy to run and there is a license key on the PC then it will show it:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and find the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Do not post or attach the file to your next post. I don't need to see it and if the serial number exists we do not want to publish it to the internet.

Ron
  • 0

#11
brandonlile

    New Member

  • Topic Starter
  • Member
  • 6 posts
Ok I did that and I found the serial number
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if this helps:

http://www.intelliad...dialog-to-show/
  • 0





