Browsers re-directing. Possible 'PING.EXE' corruption/infectio


#1
Bloke82
Hello,

Earlier today I encountered a problem with my browsers. They were suddenly directing me to sites (mostly eBay) I didn't want, and opening other browsers. On investigation, I opened Task Manager to view processes and noticed that 'PING.EXE' was taking up a huge amount of memory.

I ran Malwarebytes which revealed the following...


-------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 8207

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21/11/2011 13:27:39
mbam-log-2011-11-21 (13-27-39).txt

Scan type: Quick scan
Objects scanned: 164999
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Public\Desktop\mp3 downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------

Sadly, this did not solve my issue.

I'm unsure as to how this infection came about, as I'm not the only person to use this computer. Suffice it to say, I will be the only one using it until the problem is resolved, so as not to hinder your attempts in helping.

These are the OTL logfiles...


-------------------------------------------------------------------------------
OTL logfile created on: 21/11/2011 13:53:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.30% Memory free
4.00 Gb Paging File | 2.67 Gb Available in Paging File | 66.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 35.49 Gb Free Space | 12.35% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ADV | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 13:53:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL(1).com
PRC - [2011/11/10 22:59:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/24 04:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 19:35:46 | 003,269,768 | ---- | M] (FinalWire Ltd.) -- C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida64.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 01:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 01:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/14 01:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 04:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | R--- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/01/27 08:42:48 | 000,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 07:13:17 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 22:59:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/12 09:55:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 07:30:12 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 07:08:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 07:08:27 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 07:08:09 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 07:08:09 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 07:07:55 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 07:07:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 07:07:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 07:07:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 07:07:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 07:06:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 07:06:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 07:06:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 07:06:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/15 19:35:46 | 000,274,552 | ---- | M] () -- C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida_icons7.dll
MOD - [2011/03/09 00:05:34 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/03/08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/11/20 12:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/05/02 04:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/02 04:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | -H-- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/20 17:47:36 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Clock\Clock.dll
MOD - [2007/04/19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2007/01/21 11:46:16 | 000,018,944 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 01:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/09 14:48:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 17:47:53 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 17:47:52 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:47:51 | 000,488,208 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 19:35:46 | 000,028,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 -- (AIDA64Driver)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/20 01:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 01:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 00:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/10 06:43:53 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2011/04/10 06:25:14 | 000,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/17 12:04:24 | 000,101,392 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/03/09 10:21:26 | 000,107,024 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2002/04/11 14:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 02 A9 44 B6 F6 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 22:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 06:24:48 | 000,000,000 | ---D | M]

[2011/04/10 07:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/06/03 10:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\extensions
[2011/11/09 17:06:00 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\extensions\[email protected]
[2011/11/10 22:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 12:51:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 18:50:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/10 22:59:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 18:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/18 13:36:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/18 13:36:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/18 13:36:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/18 13:36:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/18 13:36:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...utputEncoding?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E06C9A65-028C-48E6-868B-C4F7F9360F2B}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 13:07:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/11/21 13:06:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/21 13:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 13:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/21 13:06:39 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/21 12:56:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/21 11:41:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/11/21 11:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/11/21 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/11/20 09:02:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{596A17F1-1AA4-43E0-8C1C-9231D19EB32A}
[2011/11/20 09:02:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5CC5B1DC-7CFD-4B34-BBAA-677D31236951}
[2011/11/19 08:09:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1EE0DC15-71A2-4504-91F7-B2081BB774F5}
[2011/11/19 08:09:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F2C85C29-281E-4E00-8860-94B49DC73B7E}
[2011/11/17 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\assembly
[2011/11/17 13:17:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{829B11AC-FF49-4C90-985F-3AB617BC95A5}
[2011/11/17 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C6F6F4D6-BB49-405A-9683-BCF556EBFD2D}
[2011/11/15 11:31:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0C81E14F-6AFC-44E1-B1AF-0E87075102FA}
[2011/11/15 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4C0BE851-67FC-48B1-A74D-76D8959B8EC0}
[2011/11/13 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7EA9E0BD-202D-42A3-B43D-63AECEF8E522}
[2011/11/13 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{84899963-F4B6-4ECD-AC6A-D13F03C7630B}
[2011/11/11 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Skyrim
[2011/11/11 20:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/11 19:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\The Elder Scrolls V Skyrim
[2011/11/11 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{830C25DA-85C1-4606-ABAD-FFF5F60386D5}
[2011/11/11 10:53:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8727E1E9-89B9-4572-BA17-F28D9BBE54FA}
[2011/11/10 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/09 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5BBBBAD9-CBFC-4BA7-929D-3B262DB0AC50}
[2011/11/09 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8AD2224F-6A4B-46FC-B9CD-7757A428D253}
[2011/11/08 12:57:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0C4D7665-77F7-42D0-BCC9-B8799E4D66F9}
[2011/11/08 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FE73FAE-7672-4BE7-A544-6FD6DB6BADCE}
[2011/11/07 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A3BEFFEE-B2BB-4834-A1EF-F3A9BB7626B1}
[2011/11/07 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{99450EBB-3049-4D85-9AA7-ED072AD6A5A4}
[2011/11/06 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FF58BC3A-379B-4207-B506-F0736481BE10}
[2011/11/06 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D67DA18-9EF3-4D66-A4C9-EFF7642634F9}
[2011/11/06 11:35:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/11/06 11:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fraps
[2011/11/06 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sooftmoon
[2011/11/06 11:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\sooftmoon
[2011/11/03 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34D9864D-4FA1-41DE-A813-E3D928F0D4AC}
[2011/11/03 17:28:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{16A029CC-8844-4037-AD59-E67BD0F87CE9}
[2011/11/02 08:12:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{85742544-A7D8-448B-89AE-9E312DFFE2BF}
[2011/11/02 08:12:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{286528E2-C838-400C-83DE-32ABFAD74980}
[2011/11/01 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{214B752D-1B26-47D5-8505-7E5596B85D86}
[2011/11/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6939C71E-B3E4-4B29-B500-DC98CD35AB1E}
[2011/10/31 15:05:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Book of Unwritten Tales
[2011/10/31 15:02:40 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/10/31 15:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/10/31 14:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales
[2011/10/31 14:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Book of Unwritten Tales
[2011/10/30 15:43:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{510B3605-0D96-4540-8D7D-6CAC0E7A9F35}
[2011/10/30 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4801A159-4FD9-4261-8B80-EE140F444A4A}
[2011/10/27 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8CE04589-22DA-4580-A585-DCE17B457DEF}
[2011/10/27 14:45:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12358E02-FADE-460E-AB32-0C2B46C9A619}
[2011/10/25 12:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/24 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/10/24 07:35:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1BE0FC81-9249-4936-97F6-EBAC44DF0DB9}
[2011/10/24 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{96B15FA6-3466-47A5-A007-9F39350BD7CA}
[2011/10/23 07:17:14 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll

========== Files - Modified Within 30 Days ==========

[2011/11/21 13:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000UA.job
[2011/11/21 13:37:43 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 13:37:43 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 13:35:22 | 000,630,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 13:35:22 | 000,111,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 13:31:01 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2011/11/21 13:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 13:30:22 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 13:06:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:56:55 | 000,002,963 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/21 10:23:54 | 000,008,275 | ---- | M] () -- C:\Windows\YAHVOX_ignore.ini
[2011/11/21 10:23:54 | 000,000,087 | ---- | M] () -- C:\Windows\YahELite.ini
[2011/11/20 22:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000Core.job
[2011/11/19 07:47:01 | 000,002,410 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2011/11/16 18:43:38 | 000,028,160 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 18:59:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/11/10 22:59:33 | 000,002,004 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:16:15 | 000,365,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/06 11:35:05 | 000,000,931 | ---- | M] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/10/31 15:02:40 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/10/25 12:50:53 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/11/21 13:06:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:56:55 | 000,002,963 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/06 11:35:05 | 000,000,931 | ---- | C] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/10/09 07:45:19 | 000,000,427 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/09/23 11:12:38 | 000,000,080 | RHS- | C] () -- C:\Windows\CT6PRET.BIN
[2011/06/02 07:08:23 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/02 07:08:23 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/13 06:24:07 | 000,028,160 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/15 14:25:18 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/12 12:56:56 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/04/11 08:11:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/04/10 07:30:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/09 21:50:48 | 000,008,275 | ---- | C] () -- C:\Windows\YAHVOX_ignore.ini
[2011/04/09 21:13:28 | 000,000,087 | ---- | C] () -- C:\Windows\YahELite.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 13:05:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\yacsui.dll
[2011/04/09 12:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 20:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,365,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,630,124 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,111,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

========== LOP Check ==========

[2011/05/23 20:34:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG10
[2011/07/04 12:37:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Blueberry
[2011/06/23 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\calibre
[2011/04/09 15:22:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CleanMyPC Software
[2011/10/17 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Digiarty
[2011/06/03 11:05:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/07/01 15:09:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\go
[2011/07/09 16:42:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2011/05/19 10:17:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lionhead Studios
[2011/04/10 06:25:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LogSys
[2011/09/19 08:46:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LucasArts
[2011/04/12 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MAGIX
[2011/04/10 15:10:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NetMedia Providers
[2011/07/25 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2011/04/10 07:09:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Publish Providers
[2011/09/12 11:03:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Resolume
[2011/09/12 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Resolume Avenue 3
[2011/06/09 07:11:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Rovio
[2011/06/18 14:24:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony
[2011/11/21 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/07/05 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2011/04/21 09:09:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Y!Supra
[2011/11/21 12:14:32 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:466F9D5D

< End of report >
-------------------------------------------------------------------------------

Extras

-------------------------------------------------------------------------------
OTL Extras logfile created on: 21/11/2011 13:53:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.30% Memory free
4.00 Gb Paging File | 2.67 Gb Available in Paging File | 66.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 35.49 Gb Free Space | 12.35% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ADV | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F6627C-61DD-4191-91C3-2E4077EE7B1F}" = MAGIX Music Maker 17 Premium Download Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 PRO
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{652CD1F7-23C6-462D-963C-60F92C3BF332}" = BB FlashBack Pro
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F12E64D-2F6F-4F85-A8FE-4ED29350BD6C}" = calibre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE38A85-E60F-4099-97EA-343BB36604B6}_is1" = Easy Music Downloader version 2.5.8.3
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.3.4.4105
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B352D3F6-352B-4031-9C79-2C7A26062BBC}" = MAGIX Music Maker 17 Premium (Synthesizer and effects)
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFDD2913-557D-4EB5-8745-47749E521760}" = MAGIX Screenshare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD41BE8-3FEE-4839-B1D8-8970D24D314D}" = MAGIX Speed burnR (MSI)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.80
"ASIO4ALL" = ASIO4ALL
"aTube Catcher" = aTube Catcher
"BB FlashBack Pro" = BB FlashBack Pro
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Collab" = Collab
"DivX Setup.divx.com" = DivX Setup
"Driver Checker_is1" = Driver Checker v2.7.3
"Driver San Francisco" = Driver San Francisco
"Fallout New Vegas_is1" = Fallout New Vegas
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps (remove only)
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"IL Download Manager" = IL Download Manager
"MAGIX_MSI_mm17dlx" = MAGIX Music Maker 17 Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"Postal 2_is1" = Portal 2
"Resolume Avenue 3.3.2_is1" = Resolume Avenue 3.3.2
"SopCast" = SopCast 3.4.0
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales version 1.03
"Toxic Biohazard" = Toxic Biohazard
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VistaVoiceFix_0" = VistaVoiceFix® 10.0
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.6
"WordWeb" = WordWeb
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Y!Caddy" = Y!Caddy
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 19/11/2011 16:52:01 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\RAVCpl64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/11/2011 16:52:02 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\vncutil64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/11/2011 16:52:25 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 20/11/2011 15:53:03 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 20/11/2011 15:54:23 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\RAVBg64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:23 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\RAVCpl64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:24 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\vncutil64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:53 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 21/11/2011 07:06:26 | Computer Name = Chris-ADV | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 314 Start
Time: 01cca83d74c5a500 Termination Time: 50 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d3820508-1430-11e1-b269-00028a17f4f3

Error - 21/11/2011 09:08:47 | Computer Name = Chris-ADV | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 1.51.1.0, time
stamp: 0x4e0f0e18 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x4c4b4a49 Faulting process id: 0x8dc Faulting application
start time: 0x01cca84e8e858972 Faulting application path: C:\Program Files\Malwarebytes'
Anti-Malware\mbamservice.exe Faulting module path: unknown Report Id: f20b916c-1441-11e1-b269-00028a17f4f3

[ System Events ]
Error - 21/11/2011 09:30:43 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:30:44 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:30:44 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:30:47 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:30:49 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:31:02 | Computer Name = Chris-ADV | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 21/11/2011 09:47:57 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:47:57 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:47:57 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 09:47:57 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
-------------------------------------------------------------------------------

Thank you in advance.
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled, and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
Bloke82

Bloke82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ron,

Thank you for your prompt response. These are the logs you requested...


**ComboFix


ComboFix 11-11-21.01 - Chris 21/11/2011 22:47:36.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2047.1104 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\Favorites\Free Mobile Ringtones.url
c:\users\Chris\Favorites\Free VIDEO iPod!.url
c:\users\Chris\Favorites\Get 100000 Free Smileys!.url
c:\users\Chris\Favorites\Weather Toolbar and Smileys!.url
c:\windows\$NtUninstallKB30657$\2117470711\@
c:\windows\$NtUninstallKB30657$\2117470711\bckfg.tmp
c:\windows\$NtUninstallKB30657$\2117470711\cfg.ini
c:\windows\$NtUninstallKB30657$\2117470711\Desktop.ini
c:\windows\$NtUninstallKB30657$\2117470711\keywords
c:\windows\$NtUninstallKB30657$\2117470711\kwrd.dll
c:\windows\$NtUninstallKB30657$\2117470711\L\xadqgnnk
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\2117470711\U\[email protected]
c:\windows\$NtUninstallKB30657$\3011896037
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\YAHELITE.INI
c:\windows\$NtUninstallKB30657$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 22:57 . 2011-11-21 22:59 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-11-21 13:07 . 2011-11-21 13:07 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-11-21 13:06 . 2011-11-21 13:06 -------- d-----w- c:\programdata\Malwarebytes
2011-11-21 13:06 . 2011-07-06 19:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-21 13:06 . 2011-11-21 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 13:06 . 2011-07-06 19:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 12:56 . 2011-11-21 12:56 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 12:56 . 2011-11-21 12:56 -------- d-----w- c:\program files\Trend Micro
2011-11-21 11:41 . 2011-11-21 11:41 -------- d-----w- c:\program files\Unlocker
2011-11-21 05:41 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12AD823E-6D54-4211-A7EE-F34429B3D445}\mpengine.dll
2011-11-17 13:30 . 2011-11-17 13:30 -------- d-----w- c:\users\Chris\AppData\Local\assembly
2011-11-11 20:19 . 2011-11-11 20:19 -------- d-----w- c:\users\Chris\AppData\Local\Skyrim
2011-11-11 19:52 . 2011-11-11 21:19 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-10 18:51 . 2011-11-10 18:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-09 07:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:11 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:11 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 11:32 . 2011-11-06 11:39 -------- d-----w- c:\program files\Fraps
2011-11-06 11:23 . 2011-11-06 11:23 -------- d-----w- c:\program files\sooftmoon
2011-10-31 15:02 . 2011-10-31 15:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-31 15:02 . 2011-10-31 15:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-31 15:02 . 2011-10-31 15:02 -------- d-----w- c:\program files\OpenAL
2011-10-31 15:00 . 2007-03-05 12:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2011-10-31 14:49 . 2011-10-31 15:41 -------- d-----w- c:\program files\Book of Unwritten Tales
2011-10-23 07:17 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 07:13 . 2011-07-11 07:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-07 17:47 . 2011-01-06 16:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-01-06 16:36 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-01-06 16:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-01-06 16:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-12-29 00:42 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 03:48 . 2011-10-02 06:36 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 05:06 . 2011-04-12 12:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 07:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 07:44 . 2011-10-01 07:44 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C373806F-E4A2-4E8C-BD8C-FD86A5034B76}\gapaengine.dll
2011-10-01 07:39 . 2011-10-01 07:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-01 07:39 . 2011-10-01 07:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-01 07:39 . 2011-10-01 07:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-01 07:39 . 2011-10-01 07:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-01 07:39 . 2011-10-01 07:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-01 07:39 . 2011-10-01 07:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-01 07:39 . 2011-10-01 07:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-01 07:39 . 2011-10-01 07:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-01 07:39 . 2011-10-01 07:39 367104 ----a-w- c:\windows\system32\html.iec
2011-10-01 07:39 . 2011-10-01 07:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-01 07:39 . 2011-10-01 07:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-01 07:39 . 2011-10-01 07:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-01 07:39 . 2011-10-01 07:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-01 07:39 . 2011-10-01 07:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-01 07:39 . 2011-10-01 07:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-01 07:39 . 2011-10-01 07:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-01 07:39 . 2011-10-01 07:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-01 07:39 . 2011-10-01 07:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-21 08:00 . 2011-10-01 07:17 7269712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3765187B-267F-4A58-9C06-EE7AB1478256}\mpengine.dll
2011-09-01 02:35 . 2011-10-12 07:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-12 06:53 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 06:53 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 22:59 . 2011-04-10 07:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-04-10 7731744]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2011-4-9 3450608]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2011-4-9 44384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 12:29 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2010-06-14 08:38 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-09 1343400]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 294400]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-04-10 4096]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 18:25]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E06C9A65-028C-48E6-868B-C4F7F9360F2B}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2696)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Ask.com\UpdateTask.exe
.
**************************************************************************
.
Completion time: 2011-11-21 23:05:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 23:05
.
Pre-Run: 37,882,769,408 bytes free
Post-Run: 38,123,458,560 bytes free
.
- - End Of File - - ACB732E225961332951BD02269988FDF
===========================================================================


**TDSSKiller

23:13:41.0339 2720 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
23:13:43.0351 2720 ============================================================
23:13:43.0351 2720 Current date / time: 2011/11/21 23:13:43.0351
23:13:43.0351 2720 SystemInfo:
23:13:43.0351 2720
23:13:43.0351 2720 OS Version: 6.1.7601 ServicePack: 1.0
23:13:43.0351 2720 Product type: Workstation
23:13:43.0351 2720 ComputerName: CHRIS-ADV
23:13:43.0351 2720 UserName: Chris
23:13:43.0351 2720 Windows directory: C:\Windows
23:13:43.0351 2720 System windows directory: C:\Windows
23:13:43.0351 2720 Processor architecture: Intel x86
23:13:43.0351 2720 Number of processors: 3
23:13:43.0351 2720 Page size: 0x1000
23:13:43.0351 2720 Boot type: Normal boot
23:13:43.0351 2720 ============================================================
23:13:44.0381 2720 Initialize success
23:14:23.0537 0976 ============================================================
23:14:23.0537 0976 Scan started
23:14:23.0537 0976 Mode: Manual;
23:14:23.0537 0976 ============================================================
23:14:24.0177 0976 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:14:24.0177 0976 1394ohci - ok
23:14:24.0239 0976 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:14:24.0239 0976 ACPI - ok
23:14:24.0286 0976 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:14:24.0286 0976 AcpiPmi - ok
23:14:24.0379 0976 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:14:24.0395 0976 adp94xx - ok
23:14:24.0411 0976 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:14:24.0411 0976 adpahci - ok
23:14:24.0442 0976 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:14:24.0442 0976 adpu320 - ok
23:14:24.0535 0976 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:14:24.0551 0976 AFD - ok
23:14:24.0582 0976 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:14:24.0582 0976 agp440 - ok
23:14:24.0645 0976 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:14:24.0645 0976 aic78xx - ok
23:14:24.0707 0976 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:14:24.0707 0976 aliide - ok
23:14:24.0769 0976 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:14:24.0769 0976 amdagp - ok
23:14:24.0816 0976 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:14:24.0816 0976 amdide - ok
23:14:24.0863 0976 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
23:14:24.0863 0976 amdiox86 - ok
23:14:24.0925 0976 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:14:24.0925 0976 AmdK8 - ok
23:14:25.0144 0976 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
23:14:25.0300 0976 amdkmdag - ok
23:14:25.0331 0976 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
23:14:25.0331 0976 amdkmdap - ok
23:14:25.0409 0976 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:14:25.0409 0976 AmdPPM - ok
23:14:25.0471 0976 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:14:25.0471 0976 amdsata - ok
23:14:25.0518 0976 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:14:25.0518 0976 amdsbs - ok
23:14:25.0534 0976 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:14:25.0534 0976 amdxata - ok
23:14:25.0581 0976 AODDriver4.0 - ok
23:14:25.0643 0976 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:14:25.0659 0976 AppID - ok
23:14:25.0690 0976 appliandMP - ok
23:14:25.0737 0976 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:14:25.0737 0976 arc - ok
23:14:25.0768 0976 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:14:25.0768 0976 arcsas - ok
23:14:25.0815 0976 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:14:25.0815 0976 AsyncMac - ok
23:14:25.0846 0976 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:14:25.0846 0976 atapi - ok
23:14:25.0908 0976 AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys
23:14:25.0924 0976 AtiHDAudioService - ok
23:14:25.0939 0976 AtiHdmiService (c822c615b2f693ef4e5b355432976a81) C:\Windows\system32\drivers\AtiHdmi.sys
23:14:25.0939 0976 AtiHdmiService - ok
23:14:26.0111 0976 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
23:14:26.0173 0976 atikmdag - ok
23:14:26.0267 0976 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:14:26.0283 0976 b06bdrv - ok
23:14:26.0361 0976 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:14:26.0361 0976 b57nd60x - ok
23:14:26.0470 0976 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\Windows\system32\DRIVERS\bbcap.sys
23:14:26.0485 0976 bbcap - ok
23:14:26.0610 0976 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:14:26.0610 0976 Beep - ok
23:14:26.0657 0976 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:14:26.0657 0976 blbdrive - ok
23:14:26.0688 0976 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:14:26.0688 0976 bowser - ok
23:14:26.0719 0976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:14:26.0719 0976 BrFiltLo - ok
23:14:26.0735 0976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:14:26.0735 0976 BrFiltUp - ok
23:14:26.0797 0976 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:14:26.0797 0976 Brserid - ok
23:14:26.0813 0976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:14:26.0813 0976 BrSerWdm - ok
23:14:26.0844 0976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:14:26.0844 0976 BrUsbMdm - ok
23:14:26.0860 0976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:14:26.0860 0976 BrUsbSer - ok
23:14:26.0891 0976 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:14:26.0891 0976 BTHMODEM - ok
23:14:26.0985 0976 catchme - ok
23:14:27.0125 0976 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:14:27.0125 0976 cdfs - ok
23:14:27.0219 0976 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
23:14:27.0219 0976 cdrom - ok
23:14:27.0265 0976 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:14:27.0265 0976 circlass - ok
23:14:27.0312 0976 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:14:27.0312 0976 CLFS - ok
23:14:27.0390 0976 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:14:27.0390 0976 CmBatt - ok
23:14:27.0453 0976 cmdGuard (a4851a1d338622f959f9a0f5c2d00d78) C:\Windows\system32\DRIVERS\cmdguard.sys
23:14:27.0453 0976 cmdGuard ( Rootkit.Win32.ZAccess.k ) - infected
23:14:27.0453 0976 cmdGuard - detected Rootkit.Win32.ZAccess.k (0)
23:14:27.0499 0976 cmdHlp (7faba2d3b4912b8762d1fec63ad12525) C:\Windows\system32\DRIVERS\cmdhlp.sys
23:14:27.0499 0976 cmdHlp - ok
23:14:27.0562 0976 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:14:27.0562 0976 cmdide - ok
23:14:27.0609 0976 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:14:27.0624 0976 CNG - ok
23:14:27.0640 0976 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:14:27.0640 0976 Compbatt - ok
23:14:27.0702 0976 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:14:27.0702 0976 CompositeBus - ok
23:14:27.0749 0976 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:14:27.0749 0976 crcdisk - ok
23:14:27.0843 0976 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:14:27.0843 0976 DfsC - ok
23:14:27.0874 0976 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:14:27.0874 0976 discache - ok
23:14:27.0921 0976 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:14:27.0936 0976 Disk - ok
23:14:27.0983 0976 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:14:27.0983 0976 drmkaud - ok
23:14:28.0030 0976 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:14:28.0061 0976 DXGKrnl - ok
23:14:28.0186 0976 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:14:28.0264 0976 ebdrv - ok
23:14:28.0404 0976 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:14:28.0404 0976 ElbyCDIO - ok
23:14:28.0482 0976 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:14:28.0498 0976 elxstor - ok
23:14:28.0529 0976 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:14:28.0545 0976 ErrDev - ok
23:14:28.0591 0976 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:14:28.0591 0976 exfat - ok
23:14:28.0623 0976 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:14:28.0638 0976 fastfat - ok
23:14:28.0669 0976 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:14:28.0669 0976 fdc - ok
23:14:28.0701 0976 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:14:28.0701 0976 FileInfo - ok
23:14:28.0716 0976 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:14:28.0716 0976 Filetrace - ok
23:14:28.0763 0976 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:14:28.0763 0976 flpydisk - ok
23:14:28.0810 0976 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:14:28.0825 0976 FltMgr - ok
23:14:28.0841 0976 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:14:28.0857 0976 FsDepends - ok
23:14:28.0872 0976 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:14:28.0872 0976 Fs_Rec - ok
23:14:28.0935 0976 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:14:28.0935 0976 fvevol - ok
23:14:28.0981 0976 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:14:28.0981 0976 gagp30kx - ok
23:14:28.0997 0976 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:14:29.0013 0976 hcw85cir - ok
23:14:29.0075 0976 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:14:29.0091 0976 HdAudAddService - ok
23:14:29.0137 0976 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:14:29.0137 0976 HDAudBus - ok
23:14:29.0169 0976 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:14:29.0169 0976 HidBatt - ok
23:14:29.0200 0976 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:14:29.0200 0976 HidBth - ok
23:14:29.0247 0976 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:14:29.0247 0976 HidIr - ok
23:14:29.0293 0976 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:14:29.0293 0976 HidUsb - ok
23:14:29.0356 0976 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:14:29.0356 0976 HpSAMD - ok
23:14:29.0434 0976 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:14:29.0449 0976 HTTP - ok
23:14:29.0496 0976 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:14:29.0496 0976 hwpolicy - ok
23:14:29.0590 0976 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:14:29.0590 0976 i8042prt - ok
23:14:29.0652 0976 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:14:29.0652 0976 iaStorV - ok
23:14:29.0699 0976 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:14:29.0699 0976 iirsp - ok
23:14:29.0730 0976 inspect (aa686b40a4f837bc66ad3183b2bbd981) C:\Windows\system32\DRIVERS\inspect.sys
23:14:29.0746 0976 inspect - ok
23:14:29.0871 0976 IntcAzAudAddService (2c314284938e308da50d49e50404d9fc) C:\Windows\system32\drivers\RTKVHDA.sys
23:14:29.0949 0976 IntcAzAudAddService - ok
23:14:29.0980 0976 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:14:29.0995 0976 intelide - ok
23:14:30.0042 0976 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:14:30.0042 0976 intelppm - ok
23:14:30.0058 0976 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:14:30.0073 0976 IpFilterDriver - ok
23:14:30.0120 0976 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:14:30.0120 0976 IPMIDRV - ok
23:14:30.0136 0976 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:14:30.0151 0976 IPNAT - ok
23:14:30.0198 0976 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
23:14:30.0198 0976 irda - ok
23:14:30.0245 0976 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:14:30.0245 0976 IRENUM - ok
23:14:30.0323 0976 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
23:14:30.0323 0976 irsir - ok
23:14:30.0370 0976 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:14:30.0370 0976 isapnp - ok
23:14:30.0401 0976 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:14:30.0401 0976 iScsiPrt - ok
23:14:30.0448 0976 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:14:30.0448 0976 kbdclass - ok
23:14:30.0495 0976 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:14:30.0495 0976 kbdhid - ok
23:14:30.0541 0976 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
23:14:30.0541 0976 KSecDD - ok
23:14:30.0588 0976 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
23:14:30.0588 0976 KSecPkg - ok
23:14:30.0666 0976 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:14:30.0666 0976 lltdio - ok
23:14:30.0729 0976 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:14:30.0729 0976 LSI_FC - ok
23:14:30.0744 0976 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:14:30.0744 0976 LSI_SAS - ok
23:14:30.0760 0976 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:14:30.0760 0976 LSI_SAS2 - ok
23:14:30.0775 0976 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:14:30.0775 0976 LSI_SCSI - ok
23:14:30.0822 0976 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:14:30.0822 0976 luafv - ok
23:14:30.0900 0976 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
23:14:30.0900 0976 MBAMProtector - ok
23:14:30.0963 0976 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
23:14:30.0963 0976 MBAMSwissArmy - ok
23:14:31.0025 0976 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:14:31.0025 0976 megasas - ok
23:14:31.0041 0976 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:14:31.0041 0976 MegaSR - ok
23:14:31.0072 0976 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:14:31.0072 0976 Modem - ok
23:14:31.0103 0976 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:14:31.0119 0976 monitor - ok
23:14:31.0150 0976 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:14:31.0165 0976 mouclass - ok
23:14:31.0212 0976 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:14:31.0212 0976 mouhid - ok
23:14:31.0259 0976 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:14:31.0259 0976 mountmgr - ok
23:14:31.0321 0976 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
23:14:31.0321 0976 MpFilter - ok
23:14:31.0384 0976 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:14:31.0384 0976 mpio - ok
23:14:31.0415 0976 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:14:31.0415 0976 MpNWMon - ok
23:14:31.0446 0976 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:14:31.0446 0976 mpsdrv - ok
23:14:31.0493 0976 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:14:31.0493 0976 MRxDAV - ok
23:14:31.0555 0976 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:14:31.0555 0976 mrxsmb - ok
23:14:31.0587 0976 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:14:31.0587 0976 mrxsmb10 - ok
23:14:31.0665 0976 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:14:31.0665 0976 mrxsmb20 - ok
23:14:31.0711 0976 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:14:31.0711 0976 msahci - ok
23:14:31.0743 0976 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:14:31.0743 0976 msdsm - ok
23:14:31.0789 0976 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:14:31.0805 0976 Msfs - ok
23:14:31.0821 0976 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:14:31.0821 0976 mshidkmdf - ok
23:14:31.0836 0976 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:14:31.0836 0976 msisadrv - ok
23:14:31.0899 0976 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:14:31.0899 0976 MSKSSRV - ok
23:14:31.0945 0976 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:14:31.0961 0976 MSPCLOCK - ok
23:14:31.0977 0976 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:14:31.0977 0976 MSPQM - ok
23:14:32.0008 0976 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:14:32.0008 0976 MsRPC - ok
23:14:32.0055 0976 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:14:32.0055 0976 mssmbios - ok
23:14:32.0086 0976 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:14:32.0086 0976 MSTEE - ok
23:14:32.0101 0976 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:14:32.0101 0976 MTConfig - ok
23:14:32.0133 0976 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:14:32.0133 0976 Mup - ok
23:14:32.0179 0976 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:14:32.0195 0976 NativeWifiP - ok
23:14:32.0273 0976 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:14:32.0289 0976 NDIS - ok
23:14:32.0335 0976 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:14:32.0335 0976 NdisCap - ok
23:14:32.0382 0976 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:14:32.0382 0976 NdisTapi - ok
23:14:32.0429 0976 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:14:32.0429 0976 Ndisuio - ok
23:14:32.0476 0976 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:14:32.0476 0976 NdisWan - ok
23:14:32.0538 0976 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:14:32.0538 0976 NDProxy - ok
23:14:32.0585 0976 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:14:32.0585 0976 NetBIOS - ok
23:14:32.0632 0976 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:14:32.0647 0976 NetBT - ok
23:14:32.0710 0976 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:14:32.0710 0976 nfrd960 - ok
23:14:32.0757 0976 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:14:32.0772 0976 NisDrv - ok
23:14:32.0819 0976 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:14:32.0819 0976 Npfs - ok
23:14:32.0835 0976 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:14:32.0835 0976 nsiproxy - ok
23:14:32.0928 0976 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:14:32.0944 0976 Ntfs - ok
23:14:32.0959 0976 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:14:32.0959 0976 Null - ok
23:14:33.0022 0976 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:14:33.0022 0976 nvraid - ok
23:14:33.0053 0976 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:14:33.0053 0976 nvstor - ok
23:14:33.0069 0976 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:14:33.0069 0976 nv_agp - ok
23:14:33.0115 0976 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:14:33.0115 0976 ohci1394 - ok
23:14:33.0178 0976 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:14:33.0178 0976 Parport - ok
23:14:33.0240 0976 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:14:33.0240 0976 partmgr - ok
23:14:33.0256 0976 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:14:33.0256 0976 Parvdm - ok
23:14:33.0318 0976 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:14:33.0318 0976 pci - ok
23:14:33.0349 0976 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:14:33.0349 0976 pciide - ok
23:14:33.0365 0976 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:14:33.0381 0976 pcmcia - ok
23:14:33.0396 0976 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:14:33.0412 0976 pcw - ok
23:14:33.0443 0976 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:14:33.0459 0976 PEAUTH - ok
23:14:33.0537 0976 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:14:33.0537 0976 PptpMiniport - ok
23:14:33.0568 0976 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:14:33.0568 0976 Processor - ok
23:14:33.0630 0976 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:14:33.0630 0976 Psched - ok
23:14:33.0693 0976 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:14:33.0724 0976 ql2300 - ok
23:14:33.0739 0976 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:14:33.0739 0976 ql40xx - ok
23:14:33.0771 0976 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:14:33.0771 0976 QWAVEdrv - ok
23:14:33.0786 0976 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:14:33.0786 0976 RasAcd - ok
23:14:33.0849 0976 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:14:33.0849 0976 RasAgileVpn - ok
23:14:33.0864 0976 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:14:33.0880 0976 Rasl2tp - ok
23:14:33.0927 0976 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:14:33.0927 0976 RasPppoe - ok
23:14:33.0973 0976 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:14:33.0973 0976 RasSstp - ok
23:14:34.0020 0976 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:14:34.0036 0976 rdbss - ok
23:14:34.0067 0976 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:14:34.0067 0976 rdpbus - ok
23:14:34.0114 0976 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:14:34.0114 0976 RDPCDD - ok
23:14:34.0161 0976 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:14:34.0161 0976 RDPENCDD - ok
23:14:34.0192 0976 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:14:34.0192 0976 RDPREFMP - ok
23:14:34.0239 0976 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
23:14:34.0254 0976 RDPWD - ok
23:14:34.0317 0976 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:14:34.0317 0976 rdyboost - ok
23:14:34.0395 0976 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:14:34.0395 0976 rspndr - ok
23:14:34.0457 0976 RTL8167 (aa9c3881a74a6d66a2ad869b03e8d3f5) C:\Windows\system32\DRIVERS\Rt86win7.sys
23:14:34.0457 0976 RTL8167 - ok
23:14:34.0535 0976 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:14:34.0535 0976 sbp2port - ok
23:14:34.0582 0976 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:14:34.0582 0976 scfilter - ok
23:14:34.0660 0976 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:14:34.0660 0976 secdrv - ok
23:14:34.0707 0976 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:14:34.0722 0976 Serenum - ok
23:14:34.0738 0976 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:14:34.0738 0976 Serial - ok
23:14:34.0785 0976 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:14:34.0785 0976 sermouse - ok
23:14:34.0831 0976 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:14:34.0831 0976 sffdisk - ok
23:14:34.0863 0976 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:14:34.0863 0976 sffp_mmc - ok
23:14:34.0878 0976 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:14:34.0878 0976 sffp_sd - ok
23:14:34.0909 0976 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:14:34.0909 0976 sfloppy - ok
23:14:34.0972 0976 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:14:34.0972 0976 sisagp - ok
23:14:35.0019 0976 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:14:35.0019 0976 SiSRaid2 - ok
23:14:35.0034 0976 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:14:35.0034 0976 SiSRaid4 - ok
23:14:35.0081 0976 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:14:35.0081 0976 Smb - ok
23:14:35.0143 0976 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:14:35.0143 0976 spldr - ok
23:14:35.0221 0976 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:14:35.0221 0976 srv - ok
23:14:35.0253 0976 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:14:35.0253 0976 srv2 - ok
23:14:35.0284 0976 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:14:35.0284 0976 srvnet - ok
23:14:35.0362 0976 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:14:35.0362 0976 stexstor - ok
23:14:35.0424 0976 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:14:35.0424 0976 swenum - ok
23:14:35.0518 0976 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:14:35.0533 0976 Tcpip - ok
23:14:35.0611 0976 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:14:35.0627 0976 TCPIP6 - ok
23:14:35.0674 0976 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:14:35.0689 0976 tcpipreg - ok
23:14:35.0736 0976 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:14:35.0736 0976 TDPIPE - ok
23:14:35.0752 0976 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
23:14:35.0767 0976 TDTCP - ok
23:14:35.0814 0976 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:14:35.0814 0976 tdx - ok
23:14:35.0861 0976 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:14:35.0877 0976 TermDD - ok
23:14:35.0955 0976 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:14:35.0955 0976 tssecsrv - ok
23:14:36.0017 0976 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:14:36.0017 0976 TsUsbFlt - ok
23:14:36.0095 0976 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:14:36.0095 0976 tunnel - ok
23:14:36.0126 0976 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:14:36.0126 0976 uagp35 - ok
23:14:36.0189 0976 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:14:36.0189 0976 udfs - ok
23:14:36.0251 0976 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:14:36.0251 0976 uliagpkx - ok
23:14:36.0298 0976 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
23:14:36.0298 0976 umbus - ok
23:14:36.0329 0976 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:14:36.0329 0976 UmPass - ok
23:14:36.0360 0976 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
23:14:36.0360 0976 usbccgp - ok
23:14:36.0423 0976 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:14:36.0438 0976 usbcir - ok
23:14:36.0485 0976 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\Windows\system32\DRIVERS\usbcm.sys
23:14:36.0485 0976 usbcm - ok
23:14:36.0501 0976 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:14:36.0501 0976 usbehci - ok
23:14:36.0563 0976 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:14:36.0563 0976 usbhub - ok
23:14:36.0579 0976 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
23:14:36.0579 0976 usbohci - ok
23:14:36.0625 0976 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:14:36.0625 0976 usbprint - ok
23:14:36.0657 0976 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
23:14:36.0657 0976 USBSTOR - ok
23:14:36.0672 0976 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
23:14:36.0688 0976 usbuhci - ok
23:14:36.0735 0976 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
23:14:36.0735 0976 VClone - ok
23:14:36.0766 0976 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:14:36.0781 0976 vdrvroot - ok
23:14:36.0813 0976 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:14:36.0813 0976 vga - ok
23:14:36.0844 0976 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:14:36.0844 0976 VgaSave - ok
23:14:36.0891 0976 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:14:36.0891 0976 vhdmp - ok
23:14:36.0937 0976 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:14:36.0937 0976 viaagp - ok
23:14:36.0969 0976 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:14:36.0969 0976 ViaC7 - ok
23:14:37.0000 0976 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:14:37.0000 0976 viaide - ok
23:14:37.0047 0976 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:14:37.0047 0976 volmgr - ok
23:14:37.0078 0976 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:14:37.0078 0976 volmgrx - ok
23:14:37.0140 0976 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:14:37.0140 0976 volsnap - ok
23:14:37.0187 0976 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:14:37.0187 0976 vsmraid - ok
23:14:37.0234 0976 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
23:14:37.0234 0976 vwifibus - ok
23:14:37.0265 0976 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:14:37.0265 0976 WacomPen - ok
23:14:37.0327 0976 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:37.0327 0976 WANARP - ok
23:14:37.0343 0976 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:37.0343 0976 Wanarpv6 - ok
23:14:37.0421 0976 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:14:37.0421 0976 Wd - ok
23:14:37.0452 0976 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:14:37.0468 0976 Wdf01000 - ok
23:14:37.0546 0976 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:14:37.0561 0976 WfpLwf - ok
23:14:37.0577 0976 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:14:37.0577 0976 WIMMount - ok
23:14:37.0686 0976 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:14:37.0686 0976 WmiAcpi - ok
23:14:37.0733 0976 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:14:37.0733 0976 ws2ifsl - ok
23:14:37.0827 0976 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:14:37.0827 0976 WudfPf - ok
23:14:37.0873 0976 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:14:37.0889 0976 WUDFRd - ok
23:14:37.0967 0976 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
23:14:37.0998 0976 xnacc - ok
23:14:38.0045 0976 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
23:14:38.0045 0976 xusb21 - ok
23:14:38.0107 0976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:14:38.0123 0976 \Device\Harddisk0\DR0 - ok
23:14:38.0123 0976 Boot (0x1200) (173f513fcf4fee7812257c5f92bc4b45) \Device\Harddisk0\DR0\Partition0
23:14:38.0123 0976 \Device\Harddisk0\DR0\Partition0 - ok
23:14:38.0139 0976 Boot (0x1200) (d2d2a1478d7ecab7fb257d1bb4017914) \Device\Harddisk0\DR0\Partition1
23:14:38.0139 0976 \Device\Harddisk0\DR0\Partition1 - ok
23:14:38.0154 0976 ============================================================
23:14:38.0154 0976 Scan finished
23:14:38.0154 0976 ============================================================
23:14:38.0170 1468 Detected object count: 1
23:14:38.0170 1468 Actual detected object count: 1
23:14:49.0807 1468 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cmdGuard.sys) error 1813
23:14:49.0917 1468 Backup copy not found, trying to cure infected file..
23:14:49.0917 1468 C:\Windows\system32\DRIVERS\cmdguard.sys - Cure failed (FFFFFFFF)
23:14:49.0917 1468 C:\Windows\system32\DRIVERS\cmdguard.sys - processing error
23:14:52.0069 1468 cmdGuard ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
23:15:46.0966 3152 Deinitialize success
===========================================================================================


**aswMBR (The 'Fix' button WAS NOT enabled)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 23:16:34
-----------------------------
23:16:34.858 OS Version: Windows 6.1.7601 Service Pack 1
23:16:34.858 Number of processors: 3 586 0x202
23:16:34.874 ComputerName: CHRIS-ADV UserName: Chris
23:16:36.075 Initialize success
23:16:54.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:16:54.957 Disk 0 Vendor: WDC_WD3200AAJS-22L7A0 01.03E01 Size: 305245MB BusType: 3
23:16:56.985 Disk 0 MBR read successfully
23:16:56.985 Disk 0 MBR scan
23:16:56.985 Disk 0 Windows 7 default MBR code
23:16:57.000 Disk 0 scanning sectors +625139712
23:16:57.078 Disk 0 scanning C:\Windows\system32\drivers
23:17:03.755 Service scanning
23:17:04.379 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:17:05.050 Modules scanning
23:17:13.006 Disk 0 trace - called modules:
23:17:13.037 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:17:13.053 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a6cac8]
23:17:13.053 3 CLASSPNP.SYS[891a059e] -> nt!IofCallDriver -> [0x8597a918]
23:17:13.068 5 ACPI.sys[88bc03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85974908]
23:17:13.084 Scan finished successfully
23:18:10.118 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Documents\Logs\MBR.dat"
23:18:10.118 The log file has been saved successfully to "C:\Users\Chris\Documents\Logs\aswMBR.txt"
=========================================================================================================


**OTL

OTL logfile created on: 21/11/2011 23:21:49 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 59.94% Memory free
4.00 Gb Paging File | 2.89 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 35.57 Gb Free Space | 12.38% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ADV | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 13:53:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL(1).com
PRC - [2011/11/10 22:59:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 01:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 01:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | R--- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/01/27 08:42:48 | 000,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 22:59:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/12 07:07:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 07:07:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 07:07:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 07:06:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 07:06:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/02 04:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | -H-- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/20 17:47:36 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Clock\Clock.dll
MOD - [2007/04/19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2007/01/21 11:46:16 | 000,018,944 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 01:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/09 14:48:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 17:47:53 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 17:47:52 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:47:51 | 000,488,208 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/20 01:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 01:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 00:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/10 06:25:14 | 000,004,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bbcap.sys -- (bbcap)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/17 12:04:24 | 000,101,392 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/03/09 10:21:26 | 000,107,024 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2002/04/11 14:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 02 A9 44 B6 F6 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 22:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 06:24:48 | 000,000,000 | ---D | M]

[2011/04/10 07:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/06/03 10:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\extensions
[2011/11/09 17:06:00 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\extensions\[email protected]
[2011/11/10 22:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 12:51:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/10 18:50:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/10 22:59:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 18:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/18 13:36:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/18 13:36:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/18 13:36:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/18 13:36:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/18 13:36:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...utputEncoding?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2011/11/21 22:59:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E06C9A65-028C-48E6-868B-C4F7F9360F2B}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 23:05:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/21 22:59:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 22:57:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/11/21 22:41:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 22:41:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 22:41:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 22:41:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/21 22:39:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/21 17:57:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Logs
[2011/11/21 13:07:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/11/21 13:06:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/21 13:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 13:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/21 13:06:39 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/21 12:56:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/21 11:41:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/11/21 11:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/11/21 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/11/20 09:02:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{596A17F1-1AA4-43E0-8C1C-9231D19EB32A}
[2011/11/20 09:02:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5CC5B1DC-7CFD-4B34-BBAA-677D31236951}
[2011/11/19 08:09:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1EE0DC15-71A2-4504-91F7-B2081BB774F5}
[2011/11/19 08:09:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F2C85C29-281E-4E00-8860-94B49DC73B7E}
[2011/11/17 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\assembly
[2011/11/17 13:17:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{829B11AC-FF49-4C90-985F-3AB617BC95A5}
[2011/11/17 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C6F6F4D6-BB49-405A-9683-BCF556EBFD2D}
[2011/11/15 11:31:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0C81E14F-6AFC-44E1-B1AF-0E87075102FA}
[2011/11/15 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4C0BE851-67FC-48B1-A74D-76D8959B8EC0}
[2011/11/13 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7EA9E0BD-202D-42A3-B43D-63AECEF8E522}
[2011/11/13 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{84899963-F4B6-4ECD-AC6A-D13F03C7630B}
[2011/11/11 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Skyrim
[2011/11/11 20:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/11 19:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\The Elder Scrolls V Skyrim
[2011/11/11 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{830C25DA-85C1-4606-ABAD-FFF5F60386D5}
[2011/11/11 10:53:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8727E1E9-89B9-4572-BA17-F28D9BBE54FA}
[2011/11/10 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/10 18:50:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/10 18:50:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/10 18:50:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/09 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5BBBBAD9-CBFC-4BA7-929D-3B262DB0AC50}
[2011/11/09 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8AD2224F-6A4B-46FC-B9CD-7757A428D253}
[2011/11/09 07:11:23 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/08 12:57:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0C4D7665-77F7-42D0-BCC9-B8799E4D66F9}
[2011/11/08 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FE73FAE-7672-4BE7-A544-6FD6DB6BADCE}
[2011/11/07 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A3BEFFEE-B2BB-4834-A1EF-F3A9BB7626B1}
[2011/11/07 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{99450EBB-3049-4D85-9AA7-ED072AD6A5A4}
[2011/11/06 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FF58BC3A-379B-4207-B506-F0736481BE10}
[2011/11/06 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D67DA18-9EF3-4D66-A4C9-EFF7642634F9}
[2011/11/06 11:35:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/11/06 11:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fraps
[2011/11/06 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sooftmoon
[2011/11/06 11:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\sooftmoon
[2011/11/03 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34D9864D-4FA1-41DE-A813-E3D928F0D4AC}
[2011/11/03 17:28:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{16A029CC-8844-4037-AD59-E67BD0F87CE9}
[2011/11/02 08:12:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{85742544-A7D8-448B-89AE-9E312DFFE2BF}
[2011/11/02 08:12:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{286528E2-C838-400C-83DE-32ABFAD74980}
[2011/11/01 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{214B752D-1B26-47D5-8505-7E5596B85D86}
[2011/11/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6939C71E-B3E4-4B29-B500-DC98CD35AB1E}
[2011/10/31 15:05:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Book of Unwritten Tales
[2011/10/31 15:02:40 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/10/31 15:02:40 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/10/31 15:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/10/31 15:01:22 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/10/31 15:01:21 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/10/31 15:01:21 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/10/31 15:01:21 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/10/31 15:01:21 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/10/31 15:01:21 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/10/31 15:01:20 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/10/31 15:01:20 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/10/31 15:01:20 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/10/31 15:01:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/10/31 15:01:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/10/31 15:01:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/10/31 15:01:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/10/31 15:01:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/10/31 15:01:18 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/10/31 15:01:18 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/10/31 15:01:17 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/10/31 15:01:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/10/31 15:01:17 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/10/31 15:01:16 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/10/31 15:01:16 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/10/31 15:01:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/10/31 15:01:15 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/10/31 15:01:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/10/31 15:01:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/10/31 15:01:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/10/31 15:01:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/10/31 15:01:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/10/31 15:01:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/10/31 15:01:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/10/31 15:01:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/10/31 15:01:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/10/31 15:01:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/10/31 15:01:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/10/31 15:01:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/10/31 15:01:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/10/31 15:01:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/31 15:01:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/31 15:01:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/31 15:01:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/10/31 15:01:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/10/31 15:01:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/10/31 15:01:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/10/31 15:01:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/10/31 15:01:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/10/31 15:01:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/10/31 15:01:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/10/31 15:01:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/10/31 15:01:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/10/31 15:01:08 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/10/31 15:01:08 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/10/31 15:01:08 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/10/31 15:01:08 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/10/31 15:01:07 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/10/31 15:01:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/10/31 15:01:06 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/10/31 15:01:06 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/10/31 15:01:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/10/31 15:01:06 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/10/31 15:01:05 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/10/31 15:01:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/10/31 15:01:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/10/31 15:01:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/10/31 15:01:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/10/31 15:01:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/10/31 15:01:03 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/10/31 15:01:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/10/31 15:01:02 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/10/31 15:01:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/10/31 15:01:01 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/10/31 15:01:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/10/31 15:01:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/10/31 15:01:00 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/10/31 15:01:00 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/10/31 15:00:59 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/10/31 15:00:59 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/10/31 15:00:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/10/31 15:00:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/10/31 15:00:59 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/10/31 15:00:58 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/10/31 15:00:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/10/31 15:00:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/10/31 15:00:50 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/10/31 15:00:49 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/10/31 15:00:49 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/10/31 15:00:48 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/10/31 15:00:48 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/10/31 15:00:47 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/10/31 15:00:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/10/31 15:00:46 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/10/31 15:00:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/10/31 14:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales
[2011/10/31 14:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Book of Unwritten Tales
[2011/10/30 15:43:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{510B3605-0D96-4540-8D7D-6CAC0E7A9F35}
[2011/10/30 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4801A159-4FD9-4261-8B80-EE140F444A4A}
[2011/10/27 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8CE04589-22DA-4580-A585-DCE17B457DEF}
[2011/10/27 14:45:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{12358E02-FADE-460E-AB32-0C2B46C9A619}
[2011/10/25 12:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/24 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/10/24 07:35:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1BE0FC81-9249-4936-97F6-EBAC44DF0DB9}
[2011/10/24 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{96B15FA6-3466-47A5-A007-9F39350BD7CA}
[2011/10/23 07:17:14 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll

========== Files - Modified Within 30 Days ==========

[2011/11/21 23:08:16 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 23:08:16 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 23:04:49 | 000,630,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 23:04:49 | 000,111,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 22:59:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/21 22:59:08 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2011/11/21 22:59:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 22:58:53 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 21:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000UA.job
[2011/11/21 13:06:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:56:55 | 000,002,963 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/21 10:23:54 | 000,008,275 | ---- | M] () -- C:\Windows\YAHVOX_ignore.ini
[2011/11/20 22:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000Core.job
[2011/11/19 07:47:01 | 000,002,410 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2011/11/16 18:43:38 | 000,028,160 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 07:13:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/12 18:59:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/11/10 22:59:33 | 000,002,004 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:16:15 | 000,365,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/06 11:35:05 | 000,000,931 | ---- | M] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/10/31 15:02:40 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/10/31 15:02:40 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/10/25 12:50:53 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/11/21 22:41:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 22:41:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 22:41:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 22:41:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 22:41:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 13:06:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:56:55 | 000,002,963 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/11/06 11:35:05 | 000,000,931 | ---- | C] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/10/09 07:45:19 | 000,000,427 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/09/23 11:12:38 | 000,000,080 | RHS- | C] () -- C:\Windows\CT6PRET.BIN
[2011/06/02 07:08:23 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/02 07:08:23 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/13 06:24:07 | 000,028,160 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/15 14:25:18 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/12 12:56:56 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/04/11 08:11:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/04/10 07:30:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/09 21:50:48 | 000,008,275 | ---- | C] () -- C:\Windows\YAHVOX_ignore.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 13:05:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\yacsui.dll
[2011/04/09 12:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 20:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/06 16:36:54 | 000,488,208 | ---- | C] () -- C:\Windows\System32\drivers\cmdGuard.sys
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,365,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,630,124 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,111,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:466F9D5D

< End of report >
==============================================================================

**OTL Extra

OTL Extras logfile created on: 21/11/2011 23:21:49 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 59.94% Memory free
4.00 Gb Paging File | 2.89 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 35.57 Gb Free Space | 12.38% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ADV | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F6627C-61DD-4191-91C3-2E4077EE7B1F}" = MAGIX Music Maker 17 Premium Download Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 PRO
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{652CD1F7-23C6-462D-963C-60F92C3BF332}" = BB FlashBack Pro
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F12E64D-2F6F-4F85-A8FE-4ED29350BD6C}" = calibre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE38A85-E60F-4099-97EA-343BB36604B6}_is1" = Easy Music Downloader version 2.5.8.3
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.3.4.4105
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B352D3F6-352B-4031-9C79-2C7A26062BBC}" = MAGIX Music Maker 17 Premium (Synthesizer and effects)
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFDD2913-557D-4EB5-8745-47749E521760}" = MAGIX Screenshare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD41BE8-3FEE-4839-B1D8-8970D24D314D}" = MAGIX Speed burnR (MSI)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.80
"ASIO4ALL" = ASIO4ALL
"aTube Catcher" = aTube Catcher
"BB FlashBack Pro" = BB FlashBack Pro
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Collab" = Collab
"DivX Setup.divx.com" = DivX Setup
"Driver Checker_is1" = Driver Checker v2.7.3
"Driver San Francisco" = Driver San Francisco
"Fallout New Vegas_is1" = Fallout New Vegas
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps (remove only)
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"IL Download Manager" = IL Download Manager
"MAGIX_MSI_mm17dlx" = MAGIX Music Maker 17 Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"Postal 2_is1" = Portal 2
"Resolume Avenue 3.3.2_is1" = Resolume Avenue 3.3.2
"SopCast" = SopCast 3.4.0
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales version 1.03
"Toxic Biohazard" = Toxic Biohazard
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VistaVoiceFix_0" = VistaVoiceFix® 10.0
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.6
"WordWeb" = WordWeb
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Y!Caddy" = Y!Caddy
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2011 16:52:25 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 20/11/2011 15:53:03 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 20/11/2011 15:54:23 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\RAVBg64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:23 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\RAVCpl64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:24 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\driver
checker\download\realtek_driver_232_win_vistawin7\Vista64\vncutil64.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2011 15:54:53 | Computer Name = Chris-ADV | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 21/11/2011 07:06:26 | Computer Name = Chris-ADV | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 314 Start
Time: 01cca83d74c5a500 Termination Time: 50 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d3820508-1430-11e1-b269-00028a17f4f3

Error - 21/11/2011 09:08:47 | Computer Name = Chris-ADV | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 1.51.1.0, time
stamp: 0x4e0f0e18 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x4c4b4a49 Faulting process id: 0x8dc Faulting application
start time: 0x01cca84e8e858972 Faulting application path: C:\Program Files\Malwarebytes'
Anti-Malware\mbamservice.exe Faulting module path: unknown Report Id: f20b916c-1441-11e1-b269-00028a17f4f3

Error - 21/11/2011 09:53:00 | Computer Name = Chris-ADV | Source = Application Hang | ID = 1002
Description = The program OTL.com version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 540 Start Time:
01cca854b06be9ac Termination Time: 12 Application Path: C:\Users\Chris\Downloads\OTL.com

Report
Id: 1daca03e-1448-11e1-bbfd-00028a17f4f3

Error - 21/11/2011 15:31:10 | Computer Name = Chris-ADV | Source = Application Error | ID = 1000
Description = Faulting application name: setup.exe_PRP2S, version: 2.2.1201.1110,
time stamp: 0x49b01b37 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc00000fd Fault offset: 0x00052c27 Faulting
process id: 0x84c Faulting application start time: 0x01cca8840e45639d Faulting application
path: C:\Windows\TEMP\qsxyhk\setup.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5d50a883-1477-11e1-bbfd-00028a17f4f3

[ System Events ]
Error - 21/11/2011 18:46:32 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:46:32 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:46:32 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:46:51 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:47:03 | Computer Name = Chris-ADV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 21/11/2011 18:47:03 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:54:01 | Computer Name = Chris-ADV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 21/11/2011 18:59:08 | Computer Name = Chris-ADV | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:58:04 on 21/11/2011 was unexpected.

Error - 21/11/2011 18:59:23 | Computer Name = Chris-ADV | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 21/11/2011 19:00:25 | Computer Name = Chris-ADV | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
==============================================================================


Once again, thank you. I await further instruction.
  • 0
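A log like the one above is easier to triage with a script than by eye. The following Python is an added example, not code from this thread or from OTL: it parses the "Last 10 Event Log Errors" layout shown in the OTL output (section headers, one-line event headers, wrapped descriptions) and flags the entries a helper would check first, using a constructed sample built from records in the log above. The temp-directory heuristic and the SECURITY_TOOLS watch-list are the example's own assumptions.

```python
"""Triage the 'Last 10 Event Log Errors' block of an OTL log.

Added example for this thread; the layout is inferred from the OTL output
posted above, not taken from OTL itself.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the records from the log above, same layout
# (OTL wraps long descriptions across several lines).
SAMPLE = r"""
[ Application Events ]
Error - 21/11/2011 09:08:47 | Computer Name = Chris-ADV | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 1.51.1.0, time
stamp: 0x4e0f0e18 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x4c4b4a49 Faulting process id: 0x8dc Faulting application
start time: 0x01cca84e8e858972 Faulting application path: C:\Program Files\Malwarebytes'
Anti-Malware\mbamservice.exe Faulting module path: unknown Report Id: f20b916c-1441-11e1-b269-00028a17f4f3

Error - 21/11/2011 15:31:10 | Computer Name = Chris-ADV | Source = Application Error | ID = 1000
Description = Faulting application name: setup.exe_PRP2S, version: 2.2.1201.1110,
time stamp: 0x49b01b37 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc00000fd Fault offset: 0x00052c27 Faulting
process id: 0x84c Faulting application start time: 0x01cca8840e45639d Faulting application
path: C:\Windows\TEMP\qsxyhk\setup.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5d50a883-1477-11e1-bbfd-00028a17f4f3

[ System Events ]
Error - 21/11/2011 18:46:32 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 21/11/2011 18:46:51 | Computer Name = Chris-ADV | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning) - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Drive-letter path: directory names may contain spaces, the file name may not.
PATH_RE = re.compile(r"[A-Za-z]:\\(?:[^\\:\n]+\\)*[^\\\s]+")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
APP_NAME_RE = re.compile(r"Faulting application name: ([^,]+),")
# Assumed watch-list (not from the thread): tools whose crash on a suspect machine matters.
SECURITY_TOOLS = {"mbamservice.exe", "mbam.exe", "msseces.exe"}


@dataclass
class EventRecord:
    log: str
    level: str
    when: str
    host: str
    source: str
    event_id: int
    description: str  # wrapped lines joined back into one string


def parse_otl_events(text: str) -> List[EventRecord]:
    """Parse the OTL event block into records, rejoining wrapped descriptions."""
    records: List[EventRecord] = []
    log, in_record = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            log, in_record = m["name"], False
        elif m := HEADER_RE.match(line):
            records.append(EventRecord(log, m["level"], m["when"], m["host"],
                                       m["source"], int(m["id"]), ""))
            in_record = True
        elif in_record:  # continuation of a wrapped description
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            rec = records[-1]
            rec.description = f"{rec.description} {line}".strip()
    return records


def triage(records: List[EventRecord]) -> List[Tuple[int, str]]:
    """Return (event_id, reason) pairs for records a helper should look at first."""
    findings: List[Tuple[int, str]] = []
    for rec in records:
        # DNS-Client 1012: hosts file unreadable.  Malware that hijacks name
        # resolution often tampers with it, so repeats on a redirecting box matter.
        if rec.source == "Microsoft-Windows-DNS-Client" and rec.event_id == 1012:
            findings.append((rec.event_id, "hosts file could not be read by the DNS client"))
        # Legitimate software rarely crashes out of a temp directory.
        for path in PATH_RE.findall(rec.description):
            path = path.rstrip('".,')
            if TEMP_DIR_RE.search(path):
                findings.append((rec.event_id, f"executable ran from a temp directory: {path}"))
        # An anti-malware service crashing on a suspect machine is itself a signal.
        if (m := APP_NAME_RE.search(rec.description)) and m[1].lower() in SECURITY_TOOLS:
            findings.append((rec.event_id, f"security tool crashed: {m[1]}"))
    return findings
```

Feed it the whole "Last 10 Event Log Errors" block from an OTL log and it returns the flagged entries; the watch-list and path heuristic can be extended for other tools.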

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Run Combofix and TDSSKiller again and post their logs.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. Is the redirect gone?

Ron
  • 0

#5
Bloke82

Bloke82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ron,

I ran ComboFix and TDSSKiller as requested. Here are the logs...


**ComboFix


ComboFix 11-11-21.01 - Chris 22/11/2011 8:27.2.3 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2047.1177 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 08:36 . 2011-11-22 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 08:25 . 2011-11-22 08:25 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6F62CE-BE84-4CCD-86D8-E94AED182710}\offreg.dll
2011-11-22 08:25 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6F62CE-BE84-4CCD-86D8-E94AED182710}\mpengine.dll
2011-11-21 22:57 . 2011-11-22 08:36 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-11-21 22:44 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-21 13:07 . 2011-11-21 13:07 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-11-21 13:06 . 2011-11-21 13:06 -------- d-----w- c:\programdata\Malwarebytes
2011-11-21 13:06 . 2011-07-06 19:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-21 13:06 . 2011-11-21 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 13:06 . 2011-07-06 19:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 12:56 . 2011-11-21 12:56 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 12:56 . 2011-11-21 12:56 -------- d-----w- c:\program files\Trend Micro
2011-11-21 11:41 . 2011-11-21 11:41 -------- d-----w- c:\program files\Unlocker
2011-11-17 13:30 . 2011-11-17 13:30 -------- d-----w- c:\users\Chris\AppData\Local\assembly
2011-11-11 20:19 . 2011-11-11 20:19 -------- d-----w- c:\users\Chris\AppData\Local\Skyrim
2011-11-11 19:52 . 2011-11-11 21:19 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-10 18:51 . 2011-11-10 18:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-09 07:11 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 07:11 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:11 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 11:32 . 2011-11-06 11:39 -------- d-----w- c:\program files\Fraps
2011-11-06 11:23 . 2011-11-06 11:23 -------- d-----w- c:\program files\sooftmoon
2011-10-31 15:02 . 2011-10-31 15:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-31 15:02 . 2011-10-31 15:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-31 15:02 . 2011-10-31 15:02 -------- d-----w- c:\program files\OpenAL
2011-10-31 15:00 . 2007-03-05 12:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2011-10-31 14:49 . 2011-10-31 15:41 -------- d-----w- c:\program files\Book of Unwritten Tales
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 07:13 . 2011-07-11 07:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-07 17:47 . 2011-01-06 16:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-01-06 16:36 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-01-06 16:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-01-06 16:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-23 07:17 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47 . 2010-12-29 00:42 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 03:48 . 2011-10-02 06:36 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 05:06 . 2011-04-12 12:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 07:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 07:44 . 2011-10-01 07:44 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C373806F-E4A2-4E8C-BD8C-FD86A5034B76}\gapaengine.dll
2011-10-01 07:39 . 2011-10-01 07:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-01 07:39 . 2011-10-01 07:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-01 07:39 . 2011-10-01 07:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-01 07:39 . 2011-10-01 07:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-01 07:39 . 2011-10-01 07:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-01 07:39 . 2011-10-01 07:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-01 07:39 . 2011-10-01 07:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-01 07:39 . 2011-10-01 07:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-01 07:39 . 2011-10-01 07:39 367104 ----a-w- c:\windows\system32\html.iec
2011-10-01 07:39 . 2011-10-01 07:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-01 07:39 . 2011-10-01 07:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-01 07:39 . 2011-10-01 07:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-01 07:39 . 2011-10-01 07:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-01 07:39 . 2011-10-01 07:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-01 07:39 . 2011-10-01 07:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-01 07:39 . 2011-10-01 07:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-01 07:39 . 2011-10-01 07:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-01 07:39 . 2011-10-01 07:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-21 08:00 . 2011-10-01 07:17 7269712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3765187B-267F-4A58-9C06-EE7AB1478256}\mpengine.dll
2011-09-01 02:35 . 2011-10-12 07:01 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-12 06:53 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 06:53 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 22:59 . 2011-04-10 07:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-21_22.59.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-09 13:50 . 2011-11-22 08:16 32514 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-22 08:16 33888 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-11-21 23:01 33888 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-09 13:17 . 2011-11-22 08:16 11798 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2579966273-1700416189-516274256-1000_UserData.bin
+ 2011-04-09 12:36 . 2011-11-22 08:14 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-09 12:36 . 2011-11-21 22:56 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-16 00:29 . 2011-11-21 23:49 2788 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2011-11-21 22:46 . 2011-11-21 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-22 08:14 . 2011-11-22 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-22 08:14 . 2011-11-22 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-21 22:46 . 2011-11-21 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-11-22 08:18 630124 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-21 22:53 630124 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-21 22:53 111208 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-11-22 08:18 111208 c:\windows\System32\perfc009.dat
- 2009-07-14 04:41 . 2011-11-21 22:56 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-11-22 08:14 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2011-11-21 22:45 327600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-11-22 08:13 327600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-09 12:36 . 2011-11-22 08:14 1015808 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-09 12:36 . 2011-11-21 22:56 1015808 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-09 21:51 . 2011-11-22 08:13 1138080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-09 21:51 . 2011-11-21 22:45 1138080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-10 07:37 . 2011-11-21 22:45 21045756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2579966273-1700416189-516274256-1000-12288.dat
+ 2011-04-10 07:37 . 2011-11-22 08:13 21045756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2579966273-1700416189-516274256-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-04-10 7731744]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2011-4-9 3450608]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2011-4-9 44384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 12:29 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2010-06-14 08:38 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-09 1343400]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 294400]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-04-10 4096]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 18:25]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2579966273-1700416189-516274256-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D49D19D3-F435-47A2-8F4D-CF70A24AE014}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E06C9A65-028C-48E6-868B-C4F7F9360F2B}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\07earqv9.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\System32\guard32.dll
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\System32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(520)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2011-11-22 08:38:48
ComboFix-quarantined-files.txt 2011-11-22 08:38
ComboFix2.txt 2011-11-21 23:05
.
Pre-Run: 38,160,269,312 bytes free
Post-Run: 38,108,954,624 bytes free
.
- - End Of File - - 12B8B0A65535A2584678EEE352C8A54E
=============================================================================


**TDSSKiller

08:40:36.0854 2764 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
08:40:37.0057 2764 ============================================================
08:40:37.0057 2764 Current date / time: 2011/11/22 08:40:37.0057
08:40:37.0057 2764 SystemInfo:
08:40:37.0057 2764
08:40:37.0057 2764 OS Version: 6.1.7601 ServicePack: 1.0
08:40:37.0057 2764 Product type: Workstation
08:40:37.0057 2764 ComputerName: CHRIS-ADV
08:40:37.0073 2764 UserName: Chris
08:40:37.0073 2764 Windows directory: C:\Windows
08:40:37.0073 2764 System windows directory: C:\Windows
08:40:37.0073 2764 Processor architecture: Intel x86
08:40:37.0073 2764 Number of processors: 3
08:40:37.0073 2764 Page size: 0x1000
08:40:37.0073 2764 Boot type: Normal boot
08:40:37.0073 2764 ============================================================
08:40:38.0071 2764 Initialize success
08:40:43.0859 1140 ============================================================
08:40:43.0859 1140 Scan started
08:40:43.0859 1140 Mode: Manual;
08:40:43.0859 1140 ============================================================
08:40:44.0389 1140 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:40:44.0389 1140 1394ohci - ok
08:40:44.0436 1140 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:40:44.0451 1140 ACPI - ok
08:40:44.0498 1140 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:40:44.0498 1140 AcpiPmi - ok
08:40:44.0576 1140 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:40:44.0592 1140 adp94xx - ok
08:40:44.0607 1140 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:40:44.0623 1140 adpahci - ok
08:40:44.0639 1140 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:40:44.0639 1140 adpu320 - ok
08:40:44.0732 1140 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:40:44.0732 1140 AFD - ok
08:40:44.0779 1140 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:40:44.0779 1140 agp440 - ok
08:40:44.0826 1140 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:40:44.0826 1140 aic78xx - ok
08:40:44.0873 1140 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:40:44.0888 1140 aliide - ok
08:40:44.0951 1140 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:40:44.0951 1140 amdagp - ok
08:40:44.0982 1140 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:40:44.0982 1140 amdide - ok
08:40:45.0044 1140 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
08:40:45.0044 1140 amdiox86 - ok
08:40:45.0107 1140 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:40:45.0107 1140 AmdK8 - ok
08:40:45.0294 1140 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
08:40:45.0465 1140 amdkmdag - ok
08:40:45.0497 1140 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
08:40:45.0497 1140 amdkmdap - ok
08:40:45.0559 1140 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:40:45.0559 1140 AmdPPM - ok
08:40:45.0621 1140 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:40:45.0621 1140 amdsata - ok
08:40:45.0668 1140 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:40:45.0668 1140 amdsbs - ok
08:40:45.0699 1140 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:40:45.0699 1140 amdxata - ok
08:40:45.0746 1140 AODDriver4.0 - ok
08:40:45.0902 1140 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:40:45.0902 1140 AppID - ok
08:40:45.0918 1140 appliandMP - ok
08:40:46.0011 1140 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:40:46.0011 1140 arc - ok
08:40:46.0043 1140 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:40:46.0043 1140 arcsas - ok
08:40:47.0696 1140 cmdGuard (a4851a1d338622f959f9a0f5c2d00d78) C:\Windows\system32\DRIVERS\cmdguard.sys
08:40:47.0696 1140 cmdGuard ( Rootkit.Win32.ZAccess.k ) - infected
08:40:47.0696 1140 cmdGuard - detected Rootkit.Win32.ZAccess.k (0)
08:40:58.0491 1140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:40:58.0507 1140 \Device\Harddisk0\DR0 - ok
08:40:58.0507 1140 Boot (0x1200) (173f513fcf4fee7812257c5f92bc4b45) \Device\Harddisk0\DR0\Partition0
08:40:58.0507 1140 \Device\Harddisk0\DR0\Partition0 - ok
08:40:58.0523 1140 Boot (0x1200) (d2d2a1478d7ecab7fb257d1bb4017914) \Device\Harddisk0\DR0\Partition1
08:40:58.0523 1140 \Device\Harddisk0\DR0\Partition1 - ok
08:40:58.0523 1140 ============================================================
08:40:58.0523 1140 Scan finished
08:40:58.0523 1140 ============================================================
08:40:58.0554 1800 Detected object count: 1
08:40:58.0554 1800 Actual detected object count: 1
08:41:14.0388 1800 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cmdGuard.sys) error 1813
08:41:14.0513 1800 Backup copy not found, trying to cure infected file..
08:41:14.0513 1800 C:\Windows\system32\DRIVERS\cmdguard.sys - Cure failed (FFFFFFFF)
08:41:14.0513 1800 C:\Windows\system32\DRIVERS\cmdguard.sys - processing error
08:41:16.0650 1800 cmdGuard ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
08:42:04.0947 3092 Deinitialize success
===========================================================================================


I followed the rest of your instructions. Here are the results of the driver check...


difxapi.dll - c:\windows\system32 - Modified 14/07/2009 - Application extension - Version 2.1.0.0
vclone.sys - c:\windows\system32\drivers - Modified 09/08/2009 - System file - Version 5.4.3.5

Files found: 186. Signed files: 183. Unsigned files: 2. Files not scanned:1.
===========================================================================================


Here are the output logs for the Event Viewer Tool...

**System log


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/11/2011 09:25:03

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/11/2011 09:02:37
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 22/11/2011 09:02:27
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 22/11/2011 09:01:25
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/11/2011 09:02:28
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.


**Application log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/11/2011 09:26:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
================================================================================


I've tested all of the browsers I use, and the redirect issue seems to have been resolved. Please advise if any further action should be taken.

Thank you once again for all your time and effort, it is greatly appreciated.


Chris.

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
TDSSKiller is not happy with cmdguard.sys which is part of Comodo. Can you uninstall Comodo then run TDSSKiller again? Then redownload and reinstall Comodo and run TDSSKiller one more time. This may be a false positive but I'd like to be sure. If it is a false positive I'll report it to Kaspersky.

Your event logs show a problem with a Catalyst driver. (video driver) Check your PC maker's website for the latest version. (Word on the net is that Microsoft is pushing an old driver for the Catalyst so don't let them replace it).

There is also a problem with the HomeGroup Listener service. I think it is not running because the Server service is disabled. Right click on Computer and select Manage then Services and Applications then Services. Find the Server service and right click and select Properties then, if it doesn't already say it is running, change the Startup Type: to Automatic and APPLY then START the service. OK. Find the HomeGroup Listener service and right click and select Properties then Startup Type should be Manual and it should normally be Started. See if it will Start now. Does it give you an error?

Ron
  • 0
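An added example, not part of Ron's post or the original thread: the Server / HomeGroup Listener check described above carried out from an elevated PowerShell prompt on Windows 7, followed by a look for a repeat of the Event 7024 error in the System log. It assumes the service names LanmanServer (display name "Server") and HomeGroupListener (display name "HomeGroup Listener").

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt:
# Set-Service and Start-Service need administrator rights.
# Assumed service names: 'LanmanServer' = "Server", 'HomeGroupListener' = "HomeGroup Listener".

function Ensure-ServiceRunning {
    param(
        [Parameter(Mandatory=$true)] [string] $Name,
        [Parameter(Mandatory=$true)] [ValidateSet('Automatic','Manual')] [string] $StartupType
    )
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$Name' is not installed on this machine."
        return $false
    }

    # Show what the service actually depends on, so the "Server is disabled" hypothesis
    # can be checked against the real dependency list instead of assumed.
    $deps = ($svc.ServicesDependedOn | ForEach-Object { $_.Name }) -join ', '
    Write-Host "$($svc.DisplayName): status=$($svc.Status); depends on: [$deps]"

    # Get-Service on PowerShell 2.0 does not expose the configured start mode; WMI does.
    # Win32_Service.StartMode uses 'Auto' where the Services MMC says 'Automatic'.
    $cfg  = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    $want = if ($StartupType -eq 'Automatic') { 'Auto' } else { 'Manual' }
    if ($cfg.StartMode -ne $want) {
        Write-Host "$($svc.DisplayName): Startup Type is '$($cfg.StartMode)', setting it to '$StartupType'."
        Set-Service -Name $Name -StartupType $StartupType
    }

    if ($svc.Status -eq 'Running') {
        Write-Host "$($svc.DisplayName): already running."
        return $true
    }
    try {
        Start-Service -Name $Name -ErrorAction Stop
        Write-Host "$($svc.DisplayName): started."
        return $true
    } catch {
        # A service-specific failure (the kind logged as SCM Event 7024) surfaces here.
        Write-Warning "$($svc.DisplayName) failed to start: $($_.Exception.Message)"
        return $false
    }
}

# Server first, then HomeGroup Listener, in the order the post gives.
$serverOk = Ensure-ServiceRunning -Name 'LanmanServer' -StartupType 'Automatic'
if ($serverOk) {
    Ensure-ServiceRunning -Name 'HomeGroupListener' -StartupType 'Manual' | Out-Null
}

# Finally, check whether Event 7024 for HomeGroup Listener has been logged again
# since the attempt (same source and event id as in the System log posted above).
Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 50 |
    Where-Object { $_.EventID -eq 7024 -and $_.Message -like '*HomeGroup Listener*' } |
    Select-Object TimeGenerated, Message
```

If the last command prints nothing, no new 7024 error has been recorded in the most recent 50 Service Control Manager entries.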

#7
Bloke82

    Member

  • Topic Starter
  • Member
  • 17 posts
I've been having a few issues with Comodo in the past few days whilst following your help, saying that it wasn't running properly. Having said that, I got it from a download site, and not the Comodo website. I have uninstalled the old one (then ran TDSSKiller as requested) and downloaded and installed one from the official site (then ran TDSSKiller again). If there are still issues, I would appreciate it if an expert such as yourself could recommend an alternative firewall, if you suggest that one is needed, of course.

In regards to the Catalyst issue, I have only ever manually downloaded drivers and updates from http://www.amd.com/u...s/catalyst.aspx in the past, although an automatic Windows update may have sneaked something by me. I have re-downloaded and installed it from the source above, prior to running TDSSKiller, and will take your advice on looking out for Microsoft pushing old drivers. Thank you.

Here are the TDSSKiller logs...

**TDSSKiller (with the old Comodo uninstalled)


18:20:46.0756 1996 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
18:20:46.0880 1996 ============================================================
18:20:46.0880 1996 Current date / time: 2011/11/23 18:20:46.0880
18:20:46.0880 1996 SystemInfo:
18:20:46.0880 1996
18:20:46.0880 1996 OS Version: 6.1.7601 ServicePack: 1.0
18:20:46.0880 1996 Product type: Workstation
18:20:46.0880 1996 ComputerName: CHRIS-ADV
18:20:46.0880 1996 UserName: Chris
18:20:46.0880 1996 Windows directory: C:\Windows
18:20:46.0880 1996 System windows directory: C:\Windows
18:20:46.0880 1996 Processor architecture: Intel x86
18:20:46.0880 1996 Number of processors: 3
18:20:46.0880 1996 Page size: 0x1000
18:20:46.0880 1996 Boot type: Normal boot
18:20:46.0880 1996 ============================================================
18:20:47.0894 1996 Initialize success
18:20:50.0312 0516 ============================================================
18:20:50.0312 0516 Scan started
18:20:50.0312 0516 Mode: Manual;
18:20:50.0312 0516 ============================================================
18:21:01.0529 0516 usbohci - ok
18:21:01.0560 0516 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:21:01.0560 0516 usbprint - ok
18:21:01.0576 0516 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
18:21:01.0576 0516 USBSTOR - ok
18:21:01.0591 0516 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:21:01.0591 0516 usbuhci - ok
18:21:01.0622 0516 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:21:01.0638 0516 VClone - ok
18:21:01.0654 0516 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:21:01.0654 0516 vdrvroot - ok
18:21:01.0685 0516 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:21:01.0685 0516 vga - ok
18:21:01.0700 0516 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:21:01.0700 0516 VgaSave - ok
18:21:01.0732 0516 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:21:01.0732 0516 vhdmp - ok
18:21:01.0763 0516 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:21:01.0763 0516 viaagp - ok
18:21:01.0794 0516 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:21:01.0794 0516 ViaC7 - ok
18:21:01.0810 0516 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:21:01.0810 0516 viaide - ok
18:21:01.0841 0516 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:21:01.0841 0516 volmgr - ok
18:21:01.0872 0516 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:21:01.0872 0516 volmgrx - ok
18:21:01.0903 0516 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:21:01.0903 0516 volsnap - ok
18:21:01.0934 0516 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:21:01.0934 0516 vsmraid - ok
18:21:01.0966 0516 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:21:01.0966 0516 vwifibus - ok
18:21:01.0981 0516 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:21:01.0981 0516 WacomPen - ok
18:21:02.0012 0516 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:21:02.0012 0516 WANARP - ok
18:21:02.0028 0516 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:21:02.0028 0516 Wanarpv6 - ok
18:21:02.0075 0516 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:21:02.0075 0516 Wd - ok
18:21:02.0090 0516 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:21:02.0106 0516 Wdf01000 - ok
18:21:02.0137 0516 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:21:02.0153 0516 WfpLwf - ok
18:21:02.0168 0516 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:21:02.0168 0516 WIMMount - ok
18:21:02.0278 0516 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:21:02.0278 0516 WmiAcpi - ok
18:21:02.0324 0516 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:21:02.0324 0516 ws2ifsl - ok
18:21:02.0387 0516 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:21:02.0387 0516 WudfPf - ok
18:21:02.0402 0516 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:21:02.0402 0516 WUDFRd - ok
18:21:02.0465 0516 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
18:21:02.0480 0516 xnacc - ok
18:21:02.0543 0516 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
18:21:02.0543 0516 xusb21 - ok
18:21:02.0590 0516 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:21:02.0605 0516 \Device\Harddisk0\DR0 - ok
18:21:02.0605 0516 Boot (0x1200) (173f513fcf4fee7812257c5f92bc4b45) \Device\Harddisk0\DR0\Partition0
18:21:02.0605 0516 \Device\Harddisk0\DR0\Partition0 - ok
18:21:02.0621 0516 Boot (0x1200) (d2d2a1478d7ecab7fb257d1bb4017914) \Device\Harddisk0\DR0\Partition1
18:21:02.0621 0516 \Device\Harddisk0\DR0\Partition1 - ok
18:21:02.0621 0516 ============================================================
18:21:02.0621 0516 Scan finished
18:21:02.0621 0516 ============================================================
18:21:02.0652 1048 Detected object count: 0
18:21:02.0652 1048 Actual detected object count: 0
18:21:24.0695 2296 Deinitialize success
========================================================================================================

**TDSSKiller (with the new Comodo installed)

18:28:41.0610 5020 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
18:28:42.0016 5020 ============================================================
18:28:42.0016 5020 Current date / time: 2011/11/23 18:28:42.0016
18:28:42.0016 5020 SystemInfo:
18:28:42.0016 5020
18:28:42.0016 5020 OS Version: 6.1.7601 ServicePack: 1.0
18:28:42.0016 5020 Product type: Workstation
18:28:42.0016 5020 ComputerName: CHRIS-ADV
18:28:42.0016 5020 UserName: Chris
18:28:42.0016 5020 Windows directory: C:\Windows
18:28:42.0016 5020 System windows directory: C:\Windows
18:28:42.0016 5020 Processor architecture: Intel x86
18:28:42.0016 5020 Number of processors: 3
18:28:42.0016 5020 Page size: 0x1000
18:28:42.0016 5020 Boot type: Normal boot
18:28:42.0016 5020 ============================================================
18:28:45.0573 5020 Initialize success
18:28:47.0928 5352 ============================================================
18:28:47.0928 5352 Scan started
18:28:47.0928 5352 Mode: Manual;
18:28:47.0928 5352 ============================================================
18:28:50.0799 5352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:28:50.0799 5352 1394ohci - ok
18:28:50.0845 5352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:28:50.0845 5352 ACPI - ok
18:28:50.0892 5352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:28:50.0892 5352 AcpiPmi - ok
18:28:50.0939 5352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:50.0939 5352 adp94xx - ok
18:28:50.0955 5352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:28:50.0970 5352 adpahci - ok
18:28:50.0986 5352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:28:50.0986 5352 adpu320 - ok
18:28:51.0033 5352 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:28:51.0048 5352 AFD - ok
18:28:51.0064 5352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:28:51.0064 5352 agp440 - ok
18:28:51.0095 5352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:28:51.0095 5352 aic78xx - ok
18:28:51.0157 5352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:28:51.0157 5352 aliide - ok
18:28:51.0204 5352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:28:51.0204 5352 amdagp - ok
18:28:51.0220 5352 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:28:51.0220 5352 amdide - ok
18:28:51.0251 5352 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
18:28:51.0267 5352 amdiox86 - ok
18:28:51.0298 5352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:28:51.0298 5352 AmdK8 - ok
18:28:51.0501 5352 amdkmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:28:51.0563 5352 amdkmdag - ok
18:28:51.0610 5352 amdkmdap (f566c90e4bbe387e905130b6e490dccd) C:\Windows\system32\DRIVERS\atikmpag.sys
18:28:51.0610 5352 amdkmdap - ok
18:28:51.0657 5352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:28:51.0657 5352 AmdPPM - ok
18:28:51.0703 5352 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:28:51.0703 5352 amdsata - ok
18:28:51.0735 5352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:51.0735 5352 amdsbs - ok
18:28:51.0750 5352 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:28:51.0766 5352 amdxata - ok
18:28:51.0828 5352 AODDriver4.0 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:28:51.0828 5352 AODDriver4.0 - ok
18:28:51.0859 5352 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:28:51.0859 5352 AODDriver4.01 - ok
18:28:51.0922 5352 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:28:51.0922 5352 AppID - ok
18:28:51.0969 5352 appliandMP - ok
18:28:52.0015 5352 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:28:52.0015 5352 arc - ok
18:28:52.0031 5352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:28:52.0031 5352 arcsas - ok
18:28:52.0047 5352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:52.0062 5352 AsyncMac - ok
18:28:52.0078 5352 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:28:52.0078 5352 atapi - ok
18:28:52.0140 5352 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
18:28:52.0140 5352 AtiHDAudioService - ok
18:28:52.0171 5352 AtiHdmiService (c822c615b2f693ef4e5b355432976a81) C:\Windows\system32\drivers\AtiHdmi.sys
18:28:52.0171 5352 AtiHdmiService - ok
18:28:52.0405 5352 atikmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:28:52.0468 5352 atikmdag - ok
18:28:52.0624 5352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:28:52.0624 5352 b06bdrv - ok
18:28:52.0655 5352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:28:52.0671 5352 b57nd60x - ok
18:28:52.0717 5352 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\Windows\system32\DRIVERS\bbcap.sys
18:28:52.0717 5352 bbcap - ok
18:28:52.0749 5352 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:28:52.0749 5352 Beep - ok
18:28:52.0780 5352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:52.0780 5352 blbdrive - ok
18:28:52.0811 5352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:28:52.0811 5352 bowser - ok
18:28:52.0827 5352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:52.0827 5352 BrFiltLo - ok
18:28:52.0842 5352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:52.0842 5352 BrFiltUp - ok
18:28:52.0873 5352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:28:52.0889 5352 Brserid - ok
18:28:52.0889 5352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:52.0905 5352 BrSerWdm - ok
18:28:52.0920 5352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:52.0920 5352 BrUsbMdm - ok
18:28:52.0936 5352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:52.0936 5352 BrUsbSer - ok
18:28:52.0951 5352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:52.0951 5352 BTHMODEM - ok
18:28:53.0045 5352 catchme - ok
18:28:53.0123 5352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:28:53.0123 5352 cdfs - ok
18:28:53.0185 5352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:28:53.0185 5352 cdrom - ok
18:28:53.0232 5352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:28:53.0232 5352 circlass - ok
18:28:53.0263 5352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:28:53.0263 5352 CLFS - ok
18:28:53.0326 5352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:53.0326 5352 CmBatt - ok
18:28:53.0373 5352 cmdGuard (544747035c7fa83d9e9d0a13f6e58bc4) C:\Windows\system32\DRIVERS\cmdguard.sys
18:28:53.0388 5352 cmdGuard - ok
18:28:53.0419 5352 cmdHlp (7faba2d3b4912b8762d1fec63ad12525) C:\Windows\system32\DRIVERS\cmdhlp.sys
18:28:53.0419 5352 cmdHlp - ok
18:28:53.0451 5352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:28:53.0466 5352 cmdide - ok
18:28:53.0497 5352 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:28:53.0497 5352 CNG - ok
18:28:53.0513 5352 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:28:53.0513 5352 Compbatt - ok
18:28:53.0575 5352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:28:53.0591 5352 CompositeBus - ok
18:28:53.0607 5352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:53.0607 5352 crcdisk - ok
18:28:53.0669 5352 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:28:53.0669 5352 DfsC - ok
18:28:53.0700 5352 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:28:53.0700 5352 discache - ok
18:28:53.0731 5352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:28:53.0731 5352 Disk - ok
18:28:53.0778 5352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:28:53.0778 5352 drmkaud - ok
18:28:53.0809 5352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:28:53.0825 5352 DXGKrnl - ok
18:28:53.0934 5352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:28:53.0965 5352 ebdrv - ok
18:28:54.0059 5352 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:28:54.0059 5352 ElbyCDIO - ok
18:28:54.0121 5352 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:28:54.0137 5352 elxstor - ok
18:28:54.0153 5352 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:28:54.0153 5352 ErrDev - ok
18:28:54.0199 5352 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:28:54.0199 5352 exfat - ok
18:28:54.0231 5352 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:28:54.0231 5352 fastfat - ok
18:28:54.0262 5352 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:28:54.0262 5352 fdc - ok
18:28:54.0293 5352 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:28:54.0293 5352 FileInfo - ok
18:28:54.0309 5352 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:28:54.0309 5352 Filetrace - ok
18:28:54.0340 5352 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:54.0355 5352 flpydisk - ok
18:28:54.0371 5352 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:28:54.0387 5352 FltMgr - ok
18:28:54.0402 5352 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:28:54.0402 5352 FsDepends - ok
18:28:54.0418 5352 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:28:54.0418 5352 Fs_Rec - ok
18:28:54.0449 5352 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:28:54.0465 5352 fvevol - ok
18:28:54.0480 5352 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:54.0480 5352 gagp30kx - ok
18:28:54.0511 5352 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:28:54.0511 5352 hcw85cir - ok
18:28:54.0589 5352 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:28:54.0589 5352 HdAudAddService - ok
18:28:54.0621 5352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:28:54.0621 5352 HDAudBus - ok
18:28:54.0652 5352 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:54.0652 5352 HidBatt - ok
18:28:54.0667 5352 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:28:54.0683 5352 HidBth - ok
18:28:54.0699 5352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:28:54.0699 5352 HidIr - ok
18:28:54.0761 5352 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:28:54.0761 5352 HidUsb - ok
18:28:54.0808 5352 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:28:54.0808 5352 HpSAMD - ok
18:28:54.0855 5352 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:28:54.0870 5352 HTTP - ok
18:28:54.0901 5352 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:28:54.0901 5352 hwpolicy - ok
18:28:54.0933 5352 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:28:54.0933 5352 i8042prt - ok
18:28:54.0979 5352 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:28:54.0979 5352 iaStorV - ok
18:28:55.0011 5352 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:28:55.0026 5352 iirsp - ok
18:28:55.0073 5352 inspect (aa686b40a4f837bc66ad3183b2bbd981) C:\Windows\system32\DRIVERS\inspect.sys
18:28:55.0073 5352 inspect - ok
18:28:55.0182 5352 IntcAzAudAddService (2c314284938e308da50d49e50404d9fc) C:\Windows\system32\drivers\RTKVHDA.sys
18:28:55.0198 5352 IntcAzAudAddService - ok
18:28:55.0229 5352 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:28:55.0245 5352 intelide - ok
18:28:55.0260 5352 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:28:55.0260 5352 intelppm - ok
18:28:55.0291 5352 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:55.0291 5352 IpFilterDriver - ok
18:28:55.0338 5352 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:28:55.0338 5352 IPMIDRV - ok
18:28:55.0354 5352 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:28:55.0369 5352 IPNAT - ok
18:28:55.0385 5352 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
18:28:55.0401 5352 irda - ok
18:28:55.0432 5352 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:28:55.0432 5352 IRENUM - ok
18:28:55.0463 5352 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
18:28:55.0463 5352 irsir - ok
18:28:55.0494 5352 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:28:55.0494 5352 isapnp - ok
18:28:55.0557 5352 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:28:55.0557 5352 iScsiPrt - ok
18:28:55.0588 5352 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:28:55.0603 5352 kbdclass - ok
18:28:55.0619 5352 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:28:55.0635 5352 kbdhid - ok
18:28:55.0650 5352 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:28:55.0666 5352 KSecDD - ok
18:28:55.0697 5352 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:28:55.0697 5352 KSecPkg - ok
18:28:55.0744 5352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:28:55.0744 5352 lltdio - ok
18:28:55.0775 5352 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:28:55.0791 5352 LSI_FC - ok
18:28:55.0806 5352 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:28:55.0806 5352 LSI_SAS - ok
18:28:55.0822 5352 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:28:55.0822 5352 LSI_SAS2 - ok
18:28:55.0837 5352 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:28:55.0837 5352 LSI_SCSI - ok
18:28:55.0869 5352 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:28:55.0869 5352 luafv - ok
18:28:55.0947 5352 MBAMSwissArmy - ok
18:28:56.0009 5352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:28:56.0009 5352 megasas - ok
18:28:56.0071 5352 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:28:56.0071 5352 MegaSR - ok
18:28:56.0134 5352 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:28:56.0134 5352 Modem - ok
18:28:56.0149 5352 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:28:56.0149 5352 monitor - ok
18:28:56.0196 5352 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:28:56.0196 5352 mouclass - ok
18:28:56.0227 5352 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:28:56.0227 5352 mouhid - ok
18:28:56.0259 5352 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:28:56.0259 5352 mountmgr - ok
18:28:56.0305 5352 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:28:56.0305 5352 MpFilter - ok
18:28:56.0337 5352 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:28:56.0337 5352 mpio - ok
18:28:56.0368 5352 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:28:56.0368 5352 MpNWMon - ok
18:28:56.0383 5352 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:28:56.0399 5352 mpsdrv - ok
18:28:56.0430 5352 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:28:56.0446 5352 MRxDAV - ok
18:28:56.0477 5352 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:56.0477 5352 mrxsmb - ok
18:28:56.0493 5352 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:56.0508 5352 mrxsmb10 - ok
18:28:56.0539 5352 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:56.0571 5352 mrxsmb20 - ok
18:28:56.0602 5352 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:28:56.0602 5352 msahci - ok
18:28:56.0633 5352 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:28:56.0633 5352 msdsm - ok
18:28:56.0680 5352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:28:56.0680 5352 Msfs - ok
18:28:56.0695 5352 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:28:56.0695 5352 mshidkmdf - ok
18:28:56.0711 5352 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:28:56.0711 5352 msisadrv - ok
18:28:56.0742 5352 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:28:56.0742 5352 MSKSSRV - ok
18:28:56.0773 5352 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:56.0773 5352 MSPCLOCK - ok
18:28:56.0789 5352 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:28:56.0789 5352 MSPQM - ok
18:28:56.0820 5352 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:28:56.0820 5352 MsRPC - ok
18:28:56.0851 5352 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:28:56.0851 5352 mssmbios - ok
18:28:56.0867 5352 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:28:56.0883 5352 MSTEE - ok
18:28:56.0883 5352 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:28:56.0898 5352 MTConfig - ok
18:28:56.0914 5352 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:28:56.0914 5352 Mup - ok
18:28:56.0945 5352 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:28:56.0945 5352 NativeWifiP - ok
18:28:56.0992 5352 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:28:57.0007 5352 NDIS - ok
18:28:57.0023 5352 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:57.0023 5352 NdisCap - ok
18:28:57.0039 5352 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:57.0054 5352 NdisTapi - ok
18:28:57.0070 5352 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:57.0070 5352 Ndisuio - ok
18:28:57.0101 5352 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:57.0101 5352 NdisWan - ok
18:28:57.0148 5352 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:28:57.0148 5352 NDProxy - ok
18:28:57.0179 5352 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:28:57.0179 5352 NetBIOS - ok
18:28:57.0210 5352 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:28:57.0226 5352 NetBT - ok
18:28:57.0273 5352 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:28:57.0273 5352 nfrd960 - ok
18:28:57.0319 5352 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:28:57.0319 5352 NisDrv - ok
18:28:57.0335 5352 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:28:57.0335 5352 Npfs - ok
18:28:57.0366 5352 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:28:57.0366 5352 nsiproxy - ok
18:28:57.0429 5352 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:28:57.0475 5352 Ntfs - ok
18:28:57.0491 5352 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:28:57.0491 5352 Null - ok
18:28:57.0538 5352 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:28:57.0569 5352 nvraid - ok
18:28:57.0585 5352 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:28:57.0600 5352 nvstor - ok
18:28:57.0616 5352 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:28:57.0616 5352 nv_agp - ok
18:28:57.0663 5352 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:28:57.0663 5352 ohci1394 - ok
18:28:57.0709 5352 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:28:57.0709 5352 Parport - ok
18:28:57.0741 5352 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:28:57.0741 5352 partmgr - ok
18:28:57.0756 5352 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:28:57.0756 5352 Parvdm - ok
18:28:57.0803 5352 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:28:57.0803 5352 pci - ok
18:28:57.0819 5352 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:28:57.0819 5352 pciide - ok
18:28:57.0850 5352 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:28:57.0850 5352 pcmcia - ok
18:28:57.0865 5352 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:28:57.0865 5352 pcw - ok
18:28:57.0897 5352 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:28:57.0912 5352 PEAUTH - ok
18:28:58.0021 5352 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:28:58.0021 5352 PptpMiniport - ok
18:28:58.0037 5352 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:28:58.0037 5352 Processor - ok
18:28:58.0068 5352 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:28:58.0068 5352 Psched - ok
18:28:58.0115 5352 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:28:58.0146 5352 ql2300 - ok
18:28:58.0162 5352 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:28:58.0177 5352 ql40xx - ok
18:28:58.0193 5352 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:28:58.0193 5352 QWAVEdrv - ok
18:28:58.0209 5352 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:28:58.0209 5352 RasAcd - ok
18:28:58.0255 5352 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:58.0255 5352 RasAgileVpn - ok
18:28:58.0271 5352 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:58.0271 5352 Rasl2tp - ok
18:28:58.0302 5352 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:58.0302 5352 RasPppoe - ok
18:28:58.0318 5352 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:28:58.0333 5352 RasSstp - ok
18:28:58.0365 5352 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:28:58.0365 5352 rdbss - ok
18:28:58.0380 5352 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:28:58.0380 5352 rdpbus - ok
18:28:58.0411 5352 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:58.0411 5352 RDPCDD - ok
18:28:58.0443 5352 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:28:58.0458 5352 RDPENCDD - ok
18:28:58.0474 5352 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:28:58.0474 5352 RDPREFMP - ok
18:28:58.0505 5352 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:28:58.0505 5352 RDPWD - ok
18:28:58.0583 5352 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:28:58.0583 5352 rdyboost - ok
18:28:58.0645 5352 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:28:58.0645 5352 rspndr - ok
18:28:58.0677 5352 RTL8167 (aa9c3881a74a6d66a2ad869b03e8d3f5) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:28:58.0692 5352 RTL8167 - ok
18:28:58.0723 5352 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:28:58.0723 5352 sbp2port - ok
18:28:58.0755 5352 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:28:58.0755 5352 scfilter - ok
18:28:58.0801 5352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:28:58.0817 5352 secdrv - ok
18:28:58.0848 5352 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:28:58.0848 5352 Serenum - ok
18:28:58.0879 5352 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:28:58.0879 5352 Serial - ok
18:28:58.0895 5352 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:28:58.0895 5352 sermouse - ok
18:28:58.0942 5352 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:28:58.0942 5352 sffdisk - ok
18:28:58.0957 5352 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:28:58.0957 5352 sffp_mmc - ok
18:28:58.0973 5352 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:28:58.0973 5352 sffp_sd - ok
18:28:58.0989 5352 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:28:58.0989 5352 sfloppy - ok
18:28:59.0020 5352 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:28:59.0035 5352 sisagp - ok
18:28:59.0051 5352 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:28:59.0067 5352 SiSRaid2 - ok
18:28:59.0082 5352 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:28:59.0082 5352 SiSRaid4 - ok
18:28:59.0098 5352 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:28:59.0113 5352 Smb - ok
18:28:59.0145 5352 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:28:59.0145 5352 spldr - ok
18:28:59.0176 5352 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:28:59.0176 5352 srv - ok
18:28:59.0207 5352 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:28:59.0207 5352 srv2 - ok
18:28:59.0238 5352 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:28:59.0238 5352 srvnet - ok
18:28:59.0285 5352 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:28:59.0285 5352 stexstor - ok
18:28:59.0332 5352 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:28:59.0332 5352 swenum - ok
18:28:59.0394 5352 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:28:59.0441 5352 Tcpip - ok
18:28:59.0488 5352 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:28:59.0488 5352 TCPIP6 - ok
18:28:59.0535 5352 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:28:59.0566 5352 tcpipreg - ok
18:28:59.0597 5352 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:28:59.0613 5352 TDPIPE - ok
18:28:59.0628 5352 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:28:59.0628 5352 TDTCP - ok
18:28:59.0659 5352 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:28:59.0659 5352 tdx - ok
18:28:59.0691 5352 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:28:59.0691 5352 TermDD - ok
18:28:59.0753 5352 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:59.0753 5352 tssecsrv - ok
18:28:59.0784 5352 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:28:59.0784 5352 TsUsbFlt - ok
18:28:59.0831 5352 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:28:59.0831 5352 tunnel - ok
18:28:59.0862 5352 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:28:59.0862 5352 uagp35 - ok
18:28:59.0893 5352 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:28:59.0909 5352 udfs - ok
18:28:59.0971 5352 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:28:59.0987 5352 uliagpkx - ok
18:29:00.0018 5352 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:29:00.0018 5352 umbus - ok
18:29:00.0049 5352 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:29:00.0049 5352 UmPass - ok
18:29:00.0081 5352 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
18:29:00.0081 5352 usbccgp - ok
18:29:00.0127 5352 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:29:00.0127 5352 usbcir - ok
18:29:00.0159 5352 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\Windows\system32\DRIVERS\usbcm.sys
18:29:00.0159 5352 usbcm - ok
18:29:00.0190 5352 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:29:00.0190 5352 usbehci - ok
18:29:00.0221 5352 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:29:00.0237 5352 usbhub - ok
18:29:00.0252 5352 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
18:29:00.0252 5352 usbohci - ok
18:29:00.0283 5352 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:29:00.0283 5352 usbprint - ok
18:29:00.0299 5352 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
18:29:00.0299 5352 USBSTOR - ok
18:29:00.0330 5352 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:29:00.0330 5352 usbuhci - ok
18:29:00.0377 5352 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:29:00.0377 5352 VClone - ok
18:29:00.0393 5352 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:29:00.0393 5352 vdrvroot - ok
18:29:00.0424 5352 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:00.0424 5352 vga - ok
18:29:00.0439 5352 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:29:00.0439 5352 VgaSave - ok
18:29:00.0486 5352 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:29:00.0486 5352 vhdmp - ok
18:29:00.0517 5352 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:29:00.0517 5352 viaagp - ok
18:29:00.0533 5352 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:29:00.0564 5352 ViaC7 - ok
18:29:00.0595 5352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:29:00.0595 5352 viaide - ok
18:29:00.0627 5352 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:29:00.0627 5352 volmgr - ok
18:29:00.0658 5352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:29:00.0658 5352 volmgrx - ok
18:29:00.0689 5352 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:29:00.0689 5352 volsnap - ok
18:29:00.0720 5352 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:29:00.0720 5352 vsmraid - ok
18:29:00.0751 5352 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:29:00.0751 5352 vwifibus - ok
18:29:00.0783 5352 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:29:00.0783 5352 WacomPen - ok
18:29:00.0829 5352 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:00.0829 5352 WANARP - ok
18:29:00.0829 5352 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:00.0829 5352 Wanarpv6 - ok
18:29:00.0892 5352 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:29:00.0892 5352 Wd - ok
18:29:00.0923 5352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:29:00.0939 5352 Wdf01000 - ok
18:29:00.0985 5352 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:00.0985 5352 WfpLwf - ok
18:29:01.0001 5352 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:29:01.0001 5352 WIMMount - ok
18:29:01.0110 5352 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:29:01.0110 5352 WmiAcpi - ok
18:29:01.0157 5352 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:29:01.0173 5352 ws2ifsl - ok
18:29:01.0219 5352 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:29:01.0219 5352 WudfPf - ok
18:29:01.0235 5352 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:01.0251 5352 WUDFRd - ok
18:29:01.0297 5352 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
18:29:01.0329 5352 xnacc - ok
18:29:01.0375 5352 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
18:29:01.0375 5352 xusb21 - ok
18:29:01.0422 5352 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:29:01.0438 5352 \Device\Harddisk0\DR0 - ok
18:29:01.0438 5352 Boot (0x1200) (173f513fcf4fee7812257c5f92bc4b45) \Device\Harddisk0\DR0\Partition0
18:29:01.0438 5352 \Device\Harddisk0\DR0\Partition0 - ok
18:29:01.0453 5352 Boot (0x1200) (d2d2a1478d7ecab7fb257d1bb4017914) \Device\Harddisk0\DR0\Partition1
18:29:01.0453 5352 \Device\Harddisk0\DR0\Partition1 - ok
18:29:01.0453 5352 ============================================================
18:29:01.0453 5352 Scan finished
18:29:01.0453 5352 ============================================================
18:29:01.0469 5344 Detected object count: 0
18:29:01.0469 5344 Actual detected object count: 0
===========================================================================================================

When I right-clicked on 'Computer' and then 'Manage' I got a "Windows Explorer has stopped working" error message, and then it re-opened Windows Explorer, and continued to open Computer Management. I recall that it did this the last time you told me to follow those steps... is this 'error' normal?

The Server Service was already running.

When trying to start the HomeGroup Listener Service I received the following error message...


"Windows could not start the HomeGroup Listener on Local Computer. For more information, review the System Event log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code - 2147023143."

I'm not sure where to find the System Event log in order to post it for you.

I await further instruction.


Chris.


#8 RKinner (Malware Expert, MVP, 20,011 posts)
I found this on your error:

If the Windows Firewall service is disabled and a third-party firewall is not found, Windows will not allow the HomeGroup Listener to run and gives you the 2147023143 error.


Now that you have reinstalled Comodo (and TDSSKiller is happy with it) perhaps it will start. Sometimes you can set the Windows Firewall to Manual instead of Disabled and that will allow it to run.
Right click on Computer and select Manage then Services and Applications then Services. In the right pane find Windows Firewall and right click and select Properties then change the Startup Type: to Manual. Apply.

Select the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


You should not be getting the problem when you right click on Computer. Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes when you right-click.

Run Vino's Event Viewer as before and post the logs.

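Added example, not part of Ron's post and not output from ShellExView, TDSSKiller or Vino's Event Viewer: a PowerShell script (Windows 7, elevated prompt) that does the same triage from the command line. It decodes the service-specific error from the HomeGroup Listener dialog, reports the state of the two services involved, applies the Disabled-to-Manual change from the post, and lists shell extensions whose DLL version info does not name Microsoft as the company (an approximation of the ShellExView column the post refers to). Assumptions: the standard Windows 7 service names MpsSvc (Windows Firewall) and HomeGroupListener, and the Approved shell-extensions key under HKLM. The reading of 2147023143 as HRESULT 0x800706D9 (Win32 error 1753, EPT_S_NOT_REGISTERED, "no more endpoints available from the endpoint mapper") is mine, not something stated in the thread.

```powershell
# Added example, not from the thread. Windows 7, elevated PowerShell.
# Service names MpsSvc (Windows Firewall) and HomeGroupListener are the
# standard ones; the HRESULT reading below is my own, not Ron's.

function Convert-ServiceError {
    # The dialog prints a signed HRESULT without its sign. Re-sign it, show it
    # as hex, and translate the low 16 bits as a Win32 error code.
    param([Parameter(Mandatory=$true)][string]$Code)
    $signed = -[math]::Abs([int64]$Code)              # -2147023143
    $hr     = [uint32]($signed + 4294967296)          # 0x800706D9
    $win32  = [int]($hr -band 0xFFFF)                 # 1753 = EPT_S_NOT_REGISTERED
    $msg    = (New-Object System.ComponentModel.Win32Exception -ArgumentList $win32).Message
    New-Object PSObject -Property @{ HResult = ('0x{0:X8}' -f $hr); Win32 = $win32; Message = $msg }
}

function Get-ListenerDependencyState {
    # Status, start mode and declared dependencies of both services.
    foreach ($name in 'MpsSvc', 'HomeGroupListener') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "service $name not found"; continue }
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        New-Object PSObject -Property @{
            Name      = $name
            Status    = $svc.Status
            StartMode = $wmi.StartMode          # Auto / Manual / Disabled
            DependsOn = ($svc.ServicesDependedOn | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

function Repair-FirewallServiceStart {
    # Ron's fix: Windows Firewall from Disabled to Manual, start it, then
    # start the listener that needs it. Must run elevated.
    Set-Service -Name MpsSvc -StartupType Manual
    Start-Service -Name MpsSvc
    Start-Service -Name HomeGroupListener
    Get-Service -Name MpsSvc, HomeGroupListener | Select-Object Name, Status
}

function Get-NonMicrosoftShellExtension {
    # Approximates ShellExView's company column: resolve each approved
    # extension CLSID to its in-process DLL and read the file's CompanyName.
    # 64-bit note: this walks the native hive only; 32-bit extensions sit
    # under SOFTWARE\Wow6432Node\Classes and are not listed here.
    $approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
    $entries  = (Get-ItemProperty -Path $approved).PSObject.Properties |
                Where-Object { $_.Name -like '{*}' }
    foreach ($e in $entries) {
        $server = $null
        foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
            $key = "$hive\CLSID\$($e.Name)\InprocServer32"
            if (Test-Path -Path $key) { $server = (Get-ItemProperty -Path $key).'(default)'; break }
        }
        if (-not $server) { continue }                # out-of-process or unregistered
        $dll = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
        if (-not (Test-Path -Path $dll)) { continue }
        $company = (Get-Item -Path $dll).VersionInfo.CompanyName
        if ($company -notmatch 'Microsoft') {
            New-Object PSObject -Property @{
                CLSID = $e.Name; Description = $e.Value; Company = $company; Dll = $dll
            }
        }
    }
}

# Usage:
Convert-ServiceError -Code 2147023143
Get-ListenerDependencyState | Format-Table -AutoSize
Get-NonMicrosoftShellExtension | Format-Table Company, Description, Dll -AutoSize
# Repair-FirewallServiceStart   # run once the state above shows MpsSvc as Disabled
```

Run Convert-ServiceError first: if the message is the endpoint-mapper one, the listener is failing because the firewall service it depends on is not running, and Repair-FirewallServiceStart is the fix Ron describes. Get-NonMicrosoftShellExtension only lists; disabling still happens in ShellExView, and the company-name heuristic is exactly that, a heuristic, so a DLL with no version info shows up with an empty Company column rather than being hidden.
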
#9 Bloke82 (Topic Starter, Member, 17 posts)
I set the Windows Firewall to Manual and started it, then attempted to start the HomeGroup Listener service, and it ran with no errors. The crash issue has also been resolved. Thank you.

Here are the Vino's Event Viewer logs...


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/11/2011 19:56:52

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and...

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/11/2011 19:57:37

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 RKinner (Malware Expert, MVP, 20,011 posts)
We need to cleanup System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start and manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

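Added example, not from Ron's post: the two registry-backed steps above (restoring Explorer's hide-hidden-files defaults and disabling JavaScript in Adobe Reader) done from PowerShell, for when you would rather script the cleanup than click through the dialogs. Assumptions: the Explorer\Advanced values Hidden and ShowSuperHidden are what the Folder Options dialog writes, and Adobe Reader stores the JavaScript toggle as JSPrefs\bEnableJS under the per-user Acrobat Reader key (Reader 9/X era; check the key on your version). Foxit's equivalent setting is not covered. Run as the user whose profile is being changed.

```powershell
# Added example, not from the thread. Run as the user whose profile is being
# changed. Registry value names are the ones the dialogs write (assumption:
# Reader 9/X era for the Adobe key); Foxit is not covered.

function Set-ExplorerHiddenFilesDefault {
    # Folder Options > View: "Do not show hidden files" and "Hide protected
    # operating system files", restored to their defaults.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $adv -Name Hidden          -Value 2 -Type DWord   # 1 = show, 2 = hide
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 0 -Type DWord   # 1 = show, 0 = hide
    # Explorer only re-reads these on start; restart the shell.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 2
    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) { Start-Process -FilePath explorer.exe }
    Get-ItemProperty -Path $adv | Select-Object Hidden, ShowSuperHidden
}

function Disable-AdobeReaderJavaScript {
    # Per-user equivalent of Edit > Preferences > JavaScript > untick
    # "Enable Acrobat JavaScript", applied to every Reader version the user has.
    $root = 'HKCU:\Software\Adobe\Acrobat Reader'
    if (-not (Test-Path -Path $root)) { Write-Warning 'Adobe Reader has not been run by this user'; return }
    foreach ($ver in Get-ChildItem -Path $root) {
        $js = "$root\$($ver.PSChildName)\JSPrefs"
        if (-not (Test-Path -Path $js)) { New-Item -Path $js -Force | Out-Null }
        Set-ItemProperty -Path $js -Name bEnableJS -Value 0 -Type DWord
        New-Object PSObject -Property @{
            Version   = $ver.PSChildName
            bEnableJS = (Get-ItemProperty -Path $js).bEnableJS      # 0 = disabled
        }
    }
}

Set-ExplorerHiddenFilesDefault
Disable-AdobeReaderJavaScript | Format-Table -AutoSize
```

Both functions read the values back after writing them so you can see the change took. The Reader setting is per user, so repeat it for each account on the machine (the post's point about other people using the computer applies here too).
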
#11 Bloke82 (Topic Starter, Member, 17 posts)
I ran the fix on OTL as requested.

I am extremely grateful for all your help. The advice given is really appreciated, and will be heeded. Especially the Update Checker, an excellent addition.

I understand that I, and others using it, need to be much more careful about what's getting onto this computer, and will be taking advantage of the VirusTotal site.

Thank you again for all your help, Ron.


Chris.