amital!dat and Trojan.Boaxxe detected Adsl Router strange behavio



#16
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#17
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Great, glad to hear that! It's been my pleasure getting the opportunity to work with you. Since this issue has been resolved, this thread will be closed. You will still have access to this thread, so that if you need future access to it, you'll have it.

Please take care, and remain safe out there on the internet.

Kindest Regards,
SweetTech.

#18
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Sorry to hear that you're still experiencing issues.

Let's run a few scans and see what's going on with your machine.


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


#19
kdokeeffe


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi - GMER kept crashing after some very long scans (6 hours), but it eventually worked in safe mode. I ran OTL in safe mode as well.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-17 13:44:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 WDC_WD25 rev.12.0
Running: gmer.exe; Driver: C:\Users\Kieran\AppData\Local\Temp\pwldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82257369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82290D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fe5e4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x6F 0x5B 0xA6 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fe5e4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x6F 0x5B 0xA6 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}@oalapiaflmfpiplllgdigmkjndkiak 0x6B 0x61 0x6B 0x69 ...

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 17/12/2011 13:48:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kieran\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.35% Memory free
6.49 Gb Paging File | 5.68 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.78 Gb Total Space | 56.88 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 52.85 Gb Free Space | 22.70% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 10.60 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive Q: | 991.22 Mb Total Space | 982.41 Mb Free Space | 99.11% Space Free | Partition Type: FAT
Drive Y: | 465.76 Gb Total Space | 0.51 Gb Free Space | 0.11% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 64.66 Gb Free Space | 13.88% Space Free | Partition Type: NTFS

Computer Name: DELLPC | User Name: Kieran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 16:03:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Downloads\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/11/30 15:03:48 | 000,434,688 | ---- | M] () -- C:\Program Files\TotalAudioConverter\axTotalConverter.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (Belkin High-Speed Mode Wireless G USB Network Adapter Service)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/07 23:50:50 | 000,085,184 | ---- | M] (Macrovision ) [Auto | Stopped] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/18 11:58:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/10 12:29:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/11 05:36:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/03/14 12:15:36 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/08/08 17:51:48 | 000,410,904 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 00:01:45 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C939DEC5-93DB-4FC6-A218-3E8248B7FD5E}\MpKsl88fbdbfd.sys -- (MpKsl88fbdbfd)
DRV - [2011/11/21 19:22:27 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/06/15 08:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/11 14:57:40 | 000,021,080 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\CsNdisLWF.sys -- (CsNdisLWF)
DRV - [2010/09/22 19:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/24 12:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 12:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/05 17:36:12 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 17:36:04 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 17:35:56 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 17:35:48 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 17:31:40 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 17:31:24 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/05/05 17:31:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 17:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010/05/05 17:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 17:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010/05/05 17:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 17:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010/05/05 17:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/04/27 02:25:14 | 000,132,608 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2010/04/27 02:25:14 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2010/04/27 02:25:14 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2010/01/07 09:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/13 23:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2009/05/25 15:00:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/17 16:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/09/12 08:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/11 13:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ie/ [binary data]
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kieran\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/12/15 02:15:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/12/15 02:15:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/07/26 16:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/27 01:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/15 02:15:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/15 02:15:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 02:15:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 09:30:00 | 000,000,000 | ---D | M]

[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions
[2009/10/30 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 01:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions
[2011/10/26 01:21:40 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/12/03 03:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/03 03:56:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/17 20:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/10/19 23:52:13 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/07/19 00:36:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/17 20:37:16 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/25 12:41:55 | 000,024,576 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPQ00032.DLL
[2011/10/26 18:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006/03/22 02:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/07/20 10:00:00 | 000,086,016 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\QVPLUG32.DLL
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Quick View Plus for Windows XP and Windows 2000 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPQ00032.DLL
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: RubbishBooks = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj\2.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Vuze Remote = C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.2.4_0\

O1 HOSTS File: ([2011/12/14 22:56:52 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001..\Run: [googletalk] C:\Users\Kieran\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1119982138-2822077597-1950866782-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F01F3E6-79F9-4D75-9AE7-7FC259867E8A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4B2DE6-0546-49F3-8113-23325632B8A5}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll (Avantstar, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 08:57:26 | 000,000,032 | ---- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 12:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/12/15 11:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisiPics
[2011/12/15 11:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\VisiPics
[2011/12/15 11:40:25 | 000,000,000 | ---D | C] -- C:\Users\Kieran\boredoms magazine
[2011/12/15 02:15:34 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/15 02:15:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/15 02:15:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/15 02:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/15 01:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 01:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 00:59:22 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{7B8C9B01-C954-47DB-9838-9FA6FC343159}
[2011/12/15 00:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{3F8086DA-9CEE-4C42-BD0B-551D7F884E03}
[2011/12/15 00:58:49 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{4DE17CE6-6383-448B-B528-A8DEF5325366}
[2011/12/15 00:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{38C5AF37-3CF3-41F4-ADFC-D50B4D6F2D60}
[2011/12/15 00:56:56 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{A62C15D7-9C11-4FD1-B590-29FD9517D164}
[2011/12/15 00:56:43 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{F66EDB41-860E-4E28-9A86-5011BA5CBB96}
[2011/12/14 10:44:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 10:44:27 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 10:44:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 10:44:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 10:44:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 10:44:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 09:08:05 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 09:08:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 09:08:00 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 09:07:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 09:07:58 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 09:07:58 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 00:19:52 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/03 03:56:14 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/03 03:56:13 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/03 03:56:12 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/30 01:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Quick Search Box
[2011/11/30 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Colasoft Shared
[2011/11/30 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Colasoft MAC Scanner
[2011/11/30 00:10:43 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Colasoft Capsa 7.4 - WiFi Edition Demo
[2011/11/30 00:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Colasoft Capsa 7.4 - WiFi Edition Demo
[2011/11/30 00:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Colasoft Capsa 7 WiFi Demo
[2011/11/30 00:08:25 | 000,021,080 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\CsNdisLWF.sys
[2011/11/30 00:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Colasoft Capsa 7 WiFi Demo
[2011/11/30 00:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Colasoft Capsa 7 WiFi Demo Edition
[2011/11/29 22:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiFi-Manager
[2011/11/29 22:49:05 | 000,440,320 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\System32\WiFiMan.dll
[2011/11/29 22:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\WiFi-Manager
[2011/11/29 01:10:41 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{959B1586-0C9E-4674-A5C6-572A0E59242E}
[2011/11/29 01:09:16 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{6EFEBBBD-0679-421F-A2F5-E51406027DC2}
[2011/11/29 01:08:50 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{72D089FD-AC0D-4BB0-A823-2C850E8C15EE}
[2011/11/29 01:08:00 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{E88C6ADB-AD30-44F1-9DC8-492E412B5385}
[2011/11/29 01:04:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{5ABA5004-9DE3-4E29-83D1-6F6AA146E64C}
[2011/11/29 01:04:26 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{DB9760DE-AEE4-4637-BEAD-BDEC0ADDCDEB}
[2011/11/29 01:04:11 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\{8481223C-CBEA-4FCD-9910-265095580145}
[2011/11/29 00:53:22 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2011/11/24 14:58:38 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Local\WinZip
[2011/11/23 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\WinZip
[2011/11/21 19:54:27 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\OpenCandy
[2011/11/21 19:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/11/21 19:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/11/21 19:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/11/21 19:22:27 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/11/21 19:11:04 | 000,000,000 | ---D | C] -- C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/11/20 10:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/11/17 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/17 18:35:56 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2010/05/05 15:53:36 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/05/05 15:32:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/12/17 03:00:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/17 03:00:38 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 02:53:48 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/12/17 02:53:48 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/12/17 02:53:48 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2011/12/17 02:51:20 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 02:51:20 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 02:45:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 02:45:19 | 526,279,222 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/17 02:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 02:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001UA.job
[2011/12/17 00:01:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/16 19:11:34 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001Core.job
[2011/12/16 09:00:00 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SyncBack Music Backup.job
[2011/12/16 02:04:56 | 000,000,650 | ---- | M] () -- C:\Users\Kieran\Desktop\Movies.lnk
[2011/12/16 02:04:36 | 000,000,756 | ---- | M] () -- C:\Users\Kieran\Desktop\Hazel.lnk
[2011/12/15 16:38:51 | 000,000,747 | ---- | M] () -- C:\Users\Kieran\Music Library - Shortcut.lnk
[2011/12/15 12:35:10 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/15 12:18:00 | 000,028,160 | ---- | M] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 12:09:58 | 000,001,054 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/12/15 12:09:58 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/15 02:58:20 | 000,001,789 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/12/15 02:15:34 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/15 02:15:23 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/15 02:15:23 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/15 02:15:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/12/15 01:18:33 | 000,001,115 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/12/14 22:56:52 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/14 11:16:14 | 003,511,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 00:19:52 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/09 12:25:49 | 000,702,142 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/12/09 12:25:49 | 000,666,210 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/12/09 12:25:49 | 000,641,796 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/09 12:25:49 | 000,460,018 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/12/09 12:25:49 | 000,377,912 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2011/12/09 12:25:49 | 000,142,960 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/12/09 12:25:49 | 000,121,318 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/12/09 12:25:49 | 000,116,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/09 12:25:49 | 000,088,674 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/12/09 12:25:49 | 000,078,784 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2011/12/01 22:21:59 | 000,002,503 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/30 00:08:31 | 000,001,118 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Colasoft Capsa 7 WiFi Demo.lnk
[2011/11/25 18:34:56 | 000,440,320 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\System32\WiFiMan.dll
[2011/11/24 04:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/21 19:54:56 | 000,000,927 | ---- | M] () -- C:\Users\Kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/11/21 19:22:27 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/11/17 20:37:12 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/17 20:37:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/17 20:37:12 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/17 20:37:11 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/11/17 18:35:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========


< End of report >

#20
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please run these scans:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#21
kdokeeffe

    Member

  • Topic Starter
  • 41 posts
12:27:18.0431 5928 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
12:27:18.0675 5928 ============================================================
12:27:18.0675 5928 Current date / time: 2011/12/18 12:27:18.0675
12:27:18.0675 5928 SystemInfo:
12:27:18.0675 5928
12:27:18.0675 5928 OS Version: 6.1.7601 ServicePack: 1.0
12:27:18.0675 5928 Product type: Workstation
12:27:18.0676 5928 ComputerName: DELLPC
12:27:18.0676 5928 UserName: Kieran
12:27:18.0676 5928 Windows directory: C:\Windows
12:27:18.0676 5928 System windows directory: C:\Windows
12:27:18.0676 5928 Processor architecture: Intel x86
12:27:18.0676 5928 Number of processors: 4
12:27:18.0676 5928 Page size: 0x1000
12:27:18.0676 5928 Boot type: Normal boot
12:27:18.0676 5928 ============================================================
12:27:42.0223 5928 Initialize success
12:28:13.0821 2044 ============================================================
12:28:13.0821 2044 Scan started
12:28:13.0821 2044 Mode: Manual; SigCheck; TDLFS;
12:28:13.0821 2044 ============================================================
12:28:16.0131 2044 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:28:16.0318 2044 1394ohci - ok
12:28:16.0466 2044 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:28:16.0481 2044 ACPI - ok
12:28:16.0557 2044 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:28:16.0759 2044 AcpiPmi - ok
12:28:16.0921 2044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:28:16.0941 2044 adp94xx - ok
12:28:17.0000 2044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:28:17.0015 2044 adpahci - ok
12:28:17.0042 2044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:28:17.0054 2044 adpu320 - ok
12:28:17.0122 2044 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\Windows\system32\DRIVERS\AegisP.sys
12:28:17.0165 2044 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:28:17.0165 2044 AegisP - detected UnsignedFile.Multi.Generic (1)
12:28:17.0255 2044 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:28:17.0444 2044 AFD - ok
12:28:17.0506 2044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:28:17.0517 2044 agp440 - ok
12:28:17.0580 2044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:28:17.0591 2044 aic78xx - ok
12:28:17.0689 2044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:28:17.0699 2044 aliide - ok
12:28:17.0748 2044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:28:17.0759 2044 amdagp - ok
12:28:17.0777 2044 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:28:17.0786 2044 amdide - ok
12:28:17.0847 2044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:28:17.0902 2044 AmdK8 - ok
12:28:17.0953 2044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:28:17.0996 2044 AmdPPM - ok
12:28:18.0074 2044 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:28:18.0086 2044 amdsata - ok
12:28:18.0188 2044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:28:18.0202 2044 amdsbs - ok
12:28:18.0229 2044 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:28:18.0238 2044 amdxata - ok
12:28:18.0303 2044 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:28:18.0418 2044 AppID - ok
12:28:18.0556 2044 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
12:28:18.0584 2044 appliand - ok
12:28:18.0603 2044 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
12:28:18.0610 2044 appliandMP - ok
12:28:18.0696 2044 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:28:18.0707 2044 arc - ok
12:28:18.0764 2044 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:28:18.0776 2044 arcsas - ok
12:28:18.0826 2044 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:28:19.0021 2044 AsyncMac - ok
12:28:19.0091 2044 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:28:19.0101 2044 atapi - ok
12:28:19.0209 2044 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:28:19.0281 2044 b06bdrv - ok
12:28:19.0364 2044 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:28:19.0400 2044 b57nd60x - ok
12:28:19.0471 2044 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:28:19.0522 2044 Beep - ok
12:28:19.0670 2044 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:28:19.0710 2044 blbdrive - ok
12:28:19.0801 2044 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:28:19.0859 2044 bowser - ok
12:28:19.0900 2044 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:28:19.0945 2044 BrFiltLo - ok
12:28:19.0977 2044 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:28:20.0014 2044 BrFiltUp - ok
12:28:20.0057 2044 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:28:20.0117 2044 Brserid - ok
12:28:20.0169 2044 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:28:20.0252 2044 BrSerWdm - ok
12:28:20.0287 2044 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:28:20.0326 2044 BrUsbMdm - ok
12:28:20.0406 2044 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:28:20.0442 2044 BrUsbSer - ok
12:28:20.0514 2044 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
12:28:20.0611 2044 BthEnum - ok
12:28:20.0633 2044 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:28:20.0671 2044 BTHMODEM - ok
12:28:20.0741 2044 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:28:20.0778 2044 BthPan - ok
12:28:20.0850 2044 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
12:28:20.0920 2044 BTHPORT - ok
12:28:20.0961 2044 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
12:28:20.0990 2044 BTHUSB - ok
12:28:21.0117 2044 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:28:21.0165 2044 cdfs - ok
12:28:21.0237 2044 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:28:21.0281 2044 cdrom - ok
12:28:21.0322 2044 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:28:21.0371 2044 circlass - ok
12:28:21.0420 2044 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:28:21.0434 2044 CLFS - ok
12:28:21.0485 2044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:28:21.0542 2044 CmBatt - ok
12:28:21.0601 2044 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:28:21.0611 2044 cmdide - ok
12:28:21.0646 2044 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
12:28:21.0685 2044 CNG - ok
12:28:21.0706 2044 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:28:21.0716 2044 Compbatt - ok
12:28:21.0842 2044 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:28:21.0878 2044 CompositeBus - ok
12:28:21.0921 2044 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:28:21.0931 2044 crcdisk - ok
12:28:22.0068 2044 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:28:22.0139 2044 CSC - ok
12:28:22.0176 2044 CSN5PDTS82 - ok
12:28:22.0186 2044 CSN5PDTS82x64 - ok
12:28:22.0235 2044 CsNdisLWF (cb59b8e7241a06e0278a4eacaaaba5ea) C:\Windows\system32\DRIVERS\CsNdisLWF.sys
12:28:22.0243 2044 CsNdisLWF - ok
12:28:22.0296 2044 CT20XUT (92ef3400636bd8e9ca6144b089a943f0) C:\Windows\system32\drivers\CT20XUT.SYS
12:28:22.0307 2044 CT20XUT - ok
12:28:22.0337 2044 CT20XUT.SYS (92ef3400636bd8e9ca6144b089a943f0) C:\Windows\System32\drivers\CT20XUT.SYS
12:28:22.0346 2044 CT20XUT.SYS - ok
12:28:22.0400 2044 ctac32k (20f2e80701fdd71edd8eae474db72bcc) C:\Windows\system32\drivers\ctac32k.sys
12:28:22.0423 2044 ctac32k - ok
12:28:22.0451 2044 ctaud2k (6dbe16ddf1ee79691443a0491308dd17) C:\Windows\system32\drivers\ctaud2k.sys
12:28:22.0496 2044 ctaud2k - ok
12:28:22.0626 2044 CTEXFIFX (68adfc2bf18cbdd7acee0eeeeb242d1e) C:\Windows\system32\drivers\CTEXFIFX.SYS
12:28:22.0677 2044 CTEXFIFX - ok
12:28:22.0743 2044 CTEXFIFX.SYS (68adfc2bf18cbdd7acee0eeeeb242d1e) C:\Windows\System32\drivers\CTEXFIFX.SYS
12:28:22.0768 2044 CTEXFIFX.SYS - ok
12:28:22.0821 2044 CTHWIUT (522f2a3dc88c8ca0c19a7d4bfda38512) C:\Windows\system32\drivers\CTHWIUT.SYS
12:28:22.0830 2044 CTHWIUT - ok
12:28:22.0841 2044 CTHWIUT.SYS (522f2a3dc88c8ca0c19a7d4bfda38512) C:\Windows\System32\drivers\CTHWIUT.SYS
12:28:22.0848 2044 CTHWIUT.SYS - ok
12:28:22.0861 2044 ctprxy2k (8895f03ff0f72d46f34212d0c545f17b) C:\Windows\system32\drivers\ctprxy2k.sys
12:28:22.0868 2044 ctprxy2k - ok
12:28:22.0888 2044 ctsfm2k (17f772d7d1803956ca4c978634acb977) C:\Windows\system32\drivers\ctsfm2k.sys
12:28:22.0898 2044 ctsfm2k - ok
12:28:22.0959 2044 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:28:22.0998 2044 DfsC - ok
12:28:23.0069 2044 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:28:23.0147 2044 discache - ok
12:28:23.0266 2044 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:28:23.0276 2044 Disk - ok
12:28:23.0332 2044 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
12:28:23.0366 2044 dot4 - ok
12:28:23.0433 2044 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
12:28:23.0487 2044 Dot4Print - ok
12:28:23.0520 2044 Dot4Scan (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
12:28:23.0550 2044 Dot4Scan - ok
12:28:23.0579 2044 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
12:28:23.0612 2044 dot4usb - ok
12:28:23.0692 2044 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:28:23.0725 2044 drmkaud - ok
12:28:23.0803 2044 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:28:23.0815 2044 dtsoftbus01 - ok
12:28:23.0875 2044 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:28:23.0987 2044 DXGKrnl - ok
12:28:24.0050 2044 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
12:28:24.0062 2044 e1express - ok
12:28:24.0173 2044 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:28:24.0348 2044 ebdrv - ok
12:28:24.0407 2044 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:28:24.0425 2044 elxstor - ok
12:28:24.0468 2044 emupia (ce9bb4eabcd82293662c54713edcad1e) C:\Windows\system32\drivers\emupia2k.sys
12:28:24.0477 2044 emupia - ok
12:28:24.0523 2044 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:28:24.0646 2044 ErrDev - ok
12:28:24.0721 2044 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:28:24.0766 2044 exfat - ok
12:28:24.0796 2044 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:28:24.0841 2044 fastfat - ok
12:28:24.0880 2044 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:28:24.0907 2044 fdc - ok
12:28:24.0940 2044 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:28:24.0951 2044 FileInfo - ok
12:28:24.0986 2044 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:28:25.0040 2044 Filetrace - ok
12:28:25.0065 2044 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:28:25.0094 2044 flpydisk - ok
12:28:25.0133 2044 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:28:25.0147 2044 FltMgr - ok
12:28:25.0168 2044 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:28:25.0178 2044 FsDepends - ok
12:28:25.0228 2044 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
12:28:25.0238 2044 fssfltr - ok
12:28:25.0355 2044 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
12:28:25.0377 2044 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:28:25.0377 2044 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:28:25.0412 2044 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:28:25.0422 2044 Fs_Rec - ok
12:28:25.0485 2044 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:28:25.0500 2044 fvevol - ok
12:28:25.0529 2044 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:28:25.0540 2044 gagp30kx - ok
12:28:25.0592 2044 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:28:25.0599 2044 GEARAspiWDM - ok
12:28:25.0722 2044 ha20x2k (f70ddccc0b45cf9e08ca91b187526f43) C:\Windows\system32\drivers\ha20x2k.sys
12:28:25.0763 2044 ha20x2k - ok
12:28:25.0783 2044 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:28:25.0845 2044 hcw85cir - ok
12:28:25.0954 2044 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:28:25.0972 2044 HDAudBus - ok
12:28:25.0989 2044 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:28:26.0022 2044 HidBatt - ok
12:28:26.0052 2044 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:28:26.0088 2044 HidBth - ok
12:28:26.0119 2044 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:28:26.0150 2044 HidIr - ok
12:28:26.0191 2044 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:28:26.0223 2044 HidUsb - ok
12:28:26.0287 2044 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:28:26.0298 2044 HpSAMD - ok
12:28:26.0374 2044 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:28:26.0474 2044 HTTP - ok
12:28:26.0544 2044 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:28:26.0553 2044 hwpolicy - ok
12:28:26.0605 2044 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:28:26.0618 2044 i8042prt - ok
12:28:26.0650 2044 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
12:28:26.0661 2044 iaStor - ok
12:28:26.0716 2044 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:28:26.0732 2044 iaStorV - ok
12:28:26.0813 2044 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:28:26.0825 2044 iirsp - ok
12:28:26.0897 2044 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:28:26.0907 2044 intelide - ok
12:28:26.0953 2044 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:28:26.0983 2044 intelppm - ok
12:28:27.0021 2044 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:28:27.0147 2044 IpFilterDriver - ok
12:28:27.0210 2044 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:28:27.0223 2044 IPMIDRV - ok
12:28:27.0243 2044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:28:27.0288 2044 IPNAT - ok
12:28:27.0366 2044 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:28:27.0442 2044 IRENUM - ok
12:28:27.0491 2044 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:28:27.0501 2044 isapnp - ok
12:28:27.0550 2044 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:28:27.0675 2044 iScsiPrt - ok
12:28:27.0704 2044 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:28:27.0715 2044 kbdclass - ok
12:28:27.0756 2044 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
12:28:27.0790 2044 kbdhid - ok
12:28:27.0831 2044 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
12:28:27.0842 2044 KSecDD - ok
12:28:27.0896 2044 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
12:28:27.0908 2044 KSecPkg - ok
12:28:27.0951 2044 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:28:27.0997 2044 lltdio - ok
12:28:28.0049 2044 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:28:28.0060 2044 LSI_FC - ok
12:28:28.0081 2044 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:28:28.0093 2044 LSI_SAS - ok
12:28:28.0112 2044 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:28:28.0123 2044 LSI_SAS2 - ok
12:28:28.0215 2044 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:28:28.0228 2044 LSI_SCSI - ok
12:28:28.0254 2044 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:28:28.0307 2044 luafv - ok
12:28:28.0337 2044 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:28:28.0347 2044 megasas - ok
12:28:28.0366 2044 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:28:28.0380 2044 MegaSR - ok
12:28:28.0427 2044 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:28:28.0485 2044 Modem - ok
12:28:28.0522 2044 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:28:28.0553 2044 monitor - ok
12:28:28.0622 2044 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:28:28.0632 2044 mouclass - ok
12:28:28.0655 2044 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:28:28.0688 2044 mouhid - ok
12:28:28.0728 2044 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:28:28.0739 2044 mountmgr - ok
12:28:28.0888 2044 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
12:28:28.0901 2044 MpFilter - ok
12:28:28.0958 2044 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:28:28.0970 2044 mpio - ok
12:28:29.0062 2044 MpKsl88fbdbfd - ok
12:28:29.0129 2044 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:28:29.0138 2044 MpNWMon - ok
12:28:29.0189 2044 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:28:29.0238 2044 mpsdrv - ok
12:28:29.0273 2044 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:28:29.0319 2044 MRxDAV - ok
12:28:29.0392 2044 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:28:29.0522 2044 mrxsmb - ok
12:28:29.0576 2044 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:28:29.0590 2044 mrxsmb10 - ok
12:28:31.0657 2044 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys
12:28:31.0742 2044 NetworkX ( UnsignedFile.Multi.Generic ) - warning
12:28:31.0742 2044 NetworkX - detected UnsignedFile.Multi.Generic (1)
12:28:37.0848 2044 SCDEmu (9feb2026a460916d1a1198b460632630) C:\Windows\system32\drivers\SCDEmu.sys
12:28:37.0879 2044 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
12:28:37.0879 2044 SCDEmu - detected UnsignedFile.Multi.Generic (1)
12:28:46.0073 2044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:28:46.0125 2044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:28:46.0125 2044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:28:50.0187 2044 ============================================================
12:28:50.0187 2044 Scan finished
12:28:50.0188 2044 ============================================================
12:28:50.0199 4788 Detected object count: 5
12:28:50.0199 4788 Actual detected object count: 5
12:28:54.0259 4788 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:54.0260 4788 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:28:54.0261 4788 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:54.0261 4788 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:28:54.0263 4788 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:54.0263 4788 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:28:54.0265 4788 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:54.0265 4788 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:28:54.0266 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:28:54.0266 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

ComboFix 11-12-18.01 - Kieran 18/12/2011 19:05:12.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.353.1033.18.3326.1760 [GMT 0:00]
Running from: c:\users\Kieran\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kieran\AppData\Roaming\install
O:\Autorun.inf
Y:\autorun.inf
Z:\Autorun.inf
Z:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 19:16 . 2011-12-18 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-18 14:17 . 2011-12-18 14:17 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9218717-D39F-451D-8C68-DD0D50389FF1}\offreg.dll
2011-12-18 14:17 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9218717-D39F-451D-8C68-DD0D50389FF1}\mpengine.dll
2011-12-15 11:56 . 2011-12-15 11:56 -------- d-----w- c:\program files\VisiPics
2011-12-15 11:40 . 2011-12-15 11:40 -------- d-----w- c:\users\Kieran\boredoms magazine
2011-12-15 02:15 . 2011-12-15 02:15 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-15 02:15 . 2011-12-15 02:15 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-15 02:15 . 2011-12-15 02:15 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-15 02:15 . 2011-12-15 02:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-15 02:15 . 2011-12-15 02:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-15 01:22 . 2011-12-15 01:22 -------- d-----w- c:\program files\iPod
2011-12-14 09:08 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 09:07 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:07 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:07 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\users\Kieran\AppData\Roaming\Colasoft MAC Scanner
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\program files\Common Files\Colasoft Shared
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\users\Kieran\AppData\Roaming\Colasoft Capsa 7.4 - WiFi Edition Demo
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\programdata\Colasoft Capsa 7.4 - WiFi Edition Demo
2011-11-30 00:08 . 2011-11-30 00:08 -------- d-----w- c:\programdata\Colasoft Capsa 7 WiFi Demo
2011-11-30 00:08 . 2010-10-11 14:57 21080 ----a-w- c:\windows\system32\drivers\CsNdisLWF.sys
2011-11-30 00:08 . 2011-11-30 00:14 -------- d-----w- c:\program files\Colasoft Capsa 7 WiFi Demo Edition
2011-11-29 22:49 . 2011-11-30 00:04 -------- d-----w- c:\program files\WiFi-Manager
2011-11-29 22:49 . 2011-11-25 18:34 440320 ----a-w- c:\windows\system32\WiFiMan.dll
2011-11-29 00:53 . 2011-11-29 00:53 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2011-11-24 14:58 . 2011-12-16 16:03 -------- d-----w- c:\users\Kieran\AppData\Local\WinZip
2011-11-23 00:10 . 2011-11-23 00:10 -------- d-----w- c:\users\Kieran\AppData\Roaming\WinZip
2011-11-21 19:54 . 2011-11-21 19:57 -------- d-----w- c:\users\Kieran\AppData\Roaming\OpenCandy
2011-11-21 19:22 . 2011-11-21 19:22 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-20 10:57 . 2011-11-20 10:57 -------- d-----w- c:\program files\FileHippo.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-11-15 08:46 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 20:37 . 2010-11-02 15:22 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 18:35 . 2011-11-17 18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 12:13 . 2011-11-14 12:13 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD57C2E2-2316-4F60-BCFB-23FD7F0A86BA}\gapaengine.dll
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 12:52 . 2011-10-20 12:52 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:03 . 2011-11-09 09:05 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-21 08:00 . 2011-10-13 11:20 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30E980D-47D1-4FB7-8E37-02EFB6C69203}\mpengine.dll
2010-07-20 10:00 . 2008-04-25 12:41 86016 ----a-w- c:\program files\mozilla firefox\plugins\QVPLUG32.DLL
2011-07-19 00:36 . 2011-04-19 16:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 10:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 10:16 175400 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 68856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"googletalk"="c:\users\Kieran\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-27 68592]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 148760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"MMReminderService"="c:\program files\Mindjet\MindManager 9\MMReminderService.exe" [2011-02-11 38240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-15 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2010-07-20 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 16:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 MpKsl88fbdbfd;MpKsl88fbdbfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C939DEC5-93DB-4FC6-A218-3E8248B7FD5E}\MpKsl88fbdbfd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 171096]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 72792]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-25 721904]
S1 CsNdisLWF;Colasoft Packet Driver for WiFi;c:\windows\system32\DRIVERS\CsNdisLWF.sys [2010-10-11 21080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-21 239168]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 171096]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 72792]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 583680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38976781
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - 38976781
*Deregistered* - MPFP
*Deregistered* - tifsfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 01:58]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 01:58]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001Core.job
- c:\users\Kieran\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 21:07]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001UA.job
- c:\users\Kieran\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 21:07]
.
2011-12-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ControlFreak - c:\program files\Winamp\Plugins\cfuninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1119982138-2822077597-1950866782-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}*]
"oalapiaflmfpiplllgdigmkjndkiak"=hex:6b,61,6b,69,66,6d,6a,69,62,66,69,6d,62,6f,
63,66,68,6e,69,6e,63,6b,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 19:19:07
ComboFix-quarantined-files.txt 2011-12-18 19:19
.
Pre-Run: 57,708,945,408 bytes free
Post-Run: 57,719,619,584 bytes free
.
- - End Of File - - EB728DD20030AB79495031D67F398D40

#22
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

How are things running?

Do you have access to a flash drive or have any spare blank DVDs/CDs sitting around that we could burn some files to?

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
38976781
RegNull::
[HKEY_USERS\S-1-5-21-1119982138-2822077597-1950866782-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86ED9FC0-3A25-62BA-BA82-DC30FE45E874}*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#23
kdokeeffe

    Member

  • Topic Starter
  • Member
  • 41 posts
Hi ST!

How are things running?


PC is running fine. If I had not seen this in the MSE report, I would not have known there was a trojan present.

Do you have access to a flash drive or have any spare blank DVDs/CDs sitting around that we could burn some files to?


Sure, I have both, let me know what files to burn.

ComboFix 11-12-19.03 - Kieran 20/12/2011 11:14:12.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.353.1033.18.3326.1402 [GMT 0:00]
Running from: c:\users\Kieran\Desktop\ComboFix.exe
Command switches used :: c:\users\Kieran\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_38976781
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 11:25 . 2011-12-20 11:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-20 11:25 . 2011-12-20 11:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-20 11:25 . 2011-12-20 11:25 -------- d-----w- c:\users\Newadmin\AppData\Local\temp
2011-12-20 11:25 . 2011-12-20 11:25 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-12-20 11:25 . 2011-12-20 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 14:46 . 2011-12-19 14:46 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D12B538E-0C89-480C-A186-CA4E4944070D}\MpKsl686aceb5.sys
2011-12-19 14:45 . 2011-12-20 11:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D12B538E-0C89-480C-A186-CA4E4944070D}\offreg.dll
2011-12-19 14:45 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D12B538E-0C89-480C-A186-CA4E4944070D}\mpengine.dll
2011-12-19 12:03 . 2011-12-19 12:03 -------- d-----w- c:\users\Kieran\AppData\Roaming\MediaMonkey
2011-12-19 11:57 . 2011-12-19 11:57 -------- d-----w- c:\windows\en
2011-12-19 11:51 . 2011-12-19 11:51 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\8768f5881ccbe4406\MeshBetaRemover.exe
2011-12-19 11:51 . 2011-12-19 11:51 -------- d-----w- c:\program files\Common Files\Java
2011-12-19 11:50 . 2011-12-19 11:50 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-15 11:56 . 2011-12-15 11:56 -------- d-----w- c:\program files\VisiPics
2011-12-15 11:40 . 2011-12-15 11:40 -------- d-----w- c:\users\Kieran\boredoms magazine
2011-12-15 02:15 . 2011-12-15 02:15 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-15 02:15 . 2011-12-15 02:15 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-15 02:15 . 2011-12-15 02:15 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-15 02:15 . 2011-12-15 02:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-15 02:15 . 2011-12-15 02:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-15 01:22 . 2011-12-15 01:22 -------- d-----w- c:\program files\iPod
2011-12-14 09:08 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 09:07 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:07 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:07 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-09 17:23 . 2011-12-09 17:23 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\users\Kieran\AppData\Roaming\Colasoft MAC Scanner
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\program files\Common Files\Colasoft Shared
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\programdata\Colasoft Capsa 7.4 - WiFi Edition Demo
2011-11-30 00:08 . 2010-10-11 14:57 21080 ----a-w- c:\windows\system32\drivers\CsNdisLWF.sys
2011-11-30 00:08 . 2011-12-19 14:11 -------- d-----w- c:\program files\Colasoft Capsa 7 WiFi Demo Edition
2011-11-29 22:49 . 2011-11-30 00:04 -------- d-----w- c:\program files\WiFi-Manager
2011-11-29 22:49 . 2011-11-25 18:34 440320 ----a-w- c:\windows\system32\WiFiMan.dll
2011-11-29 00:53 . 2011-11-29 00:53 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2011-11-23 00:10 . 2011-11-23 00:10 -------- d-----w- c:\users\Kieran\AppData\Roaming\WinZip
2011-11-21 19:54 . 2011-11-21 19:57 -------- d-----w- c:\users\Kieran\AppData\Roaming\OpenCandy
2011-11-21 19:22 . 2011-11-21 19:22 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 11:50 . 2010-11-02 15:22 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 10:47 . 2011-11-15 08:46 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 18:35 . 2011-11-17 18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 12:13 . 2011-11-14 12:13 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD57C2E2-2316-4F60-BCFB-23FD7F0A86BA}\gapaengine.dll
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 12:52 . 2011-10-20 12:52 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:03 . 2011-11-09 09:05 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-20 10:00 . 2008-04-25 12:41 86016 ----a-w- c:\program files\mozilla firefox\plugins\QVPLUG32.DLL
2011-07-19 00:36 . 2011-04-19 16:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"googletalk"="c:\users\Kieran\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 148760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MMReminderService"="c:\program files\Mindjet\MindManager 9\MMReminderService.exe" [2011-02-11 38240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-15 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2010-07-20 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 16:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 MpKsl88fbdbfd;MpKsl88fbdbfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C939DEC5-93DB-4FC6-A218-3E8248B7FD5E}\MpKsl88fbdbfd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 171096]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 72792]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-25 721904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-21 239168]
S1 MpKsl686aceb5;MpKsl686aceb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D12B538E-0C89-480C-A186-CA4E4944070D}\MpKsl686aceb5.sys [2011-12-19 29904]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 171096]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 72792]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 583680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
*Deregistered* - tifsfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 01:58]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 01:58]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001Core.job
- c:\users\Kieran\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 21:07]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119982138-2822077597-1950866782-1001UA.job
- c:\users\Kieran\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 21:07]
.
2011-12-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\pqgl9gps.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
c:\program files\Ikanos Consulting\SideTunes\itunessideshowgadget.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-12-20 11:33:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 11:33
ComboFix2.txt 2011-12-18 19:19
.
Pre-Run: 50,516,262,912 bytes free
Post-Run: 50,488,127,488 bytes free
.
- - End Of File - - 90F0D6B721D02DABF480A359BAF61895

#24
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Great!

I believe the reason for your problems is a bad driver. I would like to use this tool to check for unsigned drivers.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB and insert it in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • If successful, the script will check all your drivers
  • After it has finished, a report will be located on the USB drive as report.txt
Attach the report.txt for my review.

#25
kdokeeffe


    Member

  • Topic Starter
  • 41 posts
Hi! That all seemed to run fine. Here's the report:

Wed Dec 21 10:52:39 UTC 2011
Driver report for /mnt/sda3/Windows/System32/drivers
306521935042fc0a6988d528643619b3 StarOpen.sys has NO Company Name!

Driver report for /mnt/sda2/Windows/System32/drivers

  • 0

#26
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
That wasn't showing me what I was hoping to see.

I'd like to get a dump of your Master Boot Record.

Try this please. You will need a USB drive.

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Boot the computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.
  • 0
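
One way to inspect the 512-byte dump requested in the post above offline, added here as an example and not part of the original post or of any tool named in the thread. It checks the boot signature, decodes the four partition entries and hashes the 440-byte boot code area for comparison with a hash taken from a known-clean disk; the function names, the sample sector and the idea of a reference hash are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area, ends before the disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Parse one MBR sector as written by dd with bs=512 count=1."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:     # type 0x00 marks an unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def findings(mbr, known_good_sha256=None):
    """Return human-readable anomalies; known_good_sha256 is a reference you supply."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    if sum(p["active"] for p in mbr["partitions"]) > 1:
        out.append("more than one active partition")
    for p in mbr["partitions"]:
        if not p["status_valid"]:
            out.append(f"slot {p['slot']}: invalid status byte")
    if known_good_sha256 and mbr["boot_code_sha256"] != known_good_sha256:
        out.append("boot code differs from known-good hash")
    return out

def build_sample():
    """Constructed sample sector (not data from the thread): one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xc0\x8e"                      # constructed placeholder boot code bytes
    struct.pack_into("<I", sector, 440, 0x1234ABCD)    # constructed disk signature
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

To use it on a real dump, read the file in binary mode and pass the bytes to `parse_mbr`; a changed boot-code hash is a reason to look closer, not a verdict on its own.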

#27
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
hi there!

I couldn't get that to work - after putting the files on the USB drive and selecting that option from the boot menu, the PC does not boot from the USB drive. Any suggestions or alternatives?
  • 0

#28
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Sorry to hear that you ran into issues with trying that.

I'd like to have you try running a scan for corrupt files.

SFC ScanNow

We need to run SFC Scan Now.

We will need to open up an elevated command prompt. This can be done by clicking on Start > All Programs > Accessories, right click on Command Prompt, and then click on Run as Administrator.

You will need to click Allow.

Type the following command below, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.


Please let me know how the above scan goes and if it finds any files that need to be replaced.

Kindest Regards,
ST.
  • 0

#29
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
hi ST

that completed fine, the result was "Verification 100% complete. Windows Resource Protection did not find any integrity violations".
  • 0

#30
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please run this scan for me:

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    C:\Windows\system32\DRIVERS\AegisP.sys
    C:\Windows\system32\FsUsbExDisk.SYS
    C:\Windows\system32\ckldrv.sys
    C:\Windows\system32\drivers\SCDEmu.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0





