System Fix Virus - Please Help. [Solved]


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please reboot your computer and see if problem remains.
  • 0


#17
redleader74

    Member

  • Topic Starter
  • 165 posts
Whew, the reboot seems to have fixed that error message.

How do the logs look? Hopefully I'm free and clear?
  • 0

#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Looks good so far. Please do the following now:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#19
redleader74

    Member

  • Topic Starter
  • 165 posts
Ok, here's the log from Security Check:

Results of screen317's Security Check version 0.99.29
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 17
Java™ SE Runtime Environment 6
Java version out of date!
Adobe Flash Player 10.3.181.22 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
  • 0
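
The Security Check log above, reduced to a patch list. This is an added example, not part of the thread or of Security Check itself: it splits the log on its backtick separator rows and collects every "out of date" flag. The sample log is constructed from the format shown in the post, and the function names are this example's own.

```python
import re

RULE = "`" * 30  # Security Check separates sections with a row of backticks

# Constructed sample, abridged from the log format shown in the post above.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.29",
    "Windows Vista x86 (UAC is enabled)",
    "Out of date service pack!!",
    "Internet Explorer 8 Out of date!",
    RULE,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    RULE,
    "Anti-malware/Other Utilities Check:",
    "",
    "Malwarebytes' Anti-Malware",
    "Java 6 Update 17",
    "Java version out of date!",
    "Adobe Flash Player 10.3.181.22 Flash Player out of Date!",
    "Adobe Reader 9 Adobe Reader out of date!",
    "Mozilla Firefox (8.0.)",
    RULE,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Microsoft Security Essentials msseces.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

# A separator is a run of backticks, optionally wrapping text ("End of Log").
SEPARATOR = re.compile(r"^`{5,}(.*?)`*$")
OUTDATED = re.compile(r"out of date", re.IGNORECASE)


def parse_sections(text):
    """Split a Security Check log into {section name: [non-empty lines]}.

    Lines before the first separator go into a section named "Header".
    """
    sections = {"Header": []}
    current = "Header"
    expect_title = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SEPARATOR.match(line)
        if match:
            if "end of log" in match.group(1).lower():
                break
            expect_title = True
            continue
        if expect_title and line.endswith(":"):
            # First line after a separator names the section.
            current = line[:-1]
            sections[current] = []
            expect_title = False
            continue
        expect_title = False
        sections[current].append(line)
    return sections


def triage(text):
    """Summarise a log: OS line, UAC state, out-of-date flags, processes."""
    sections = parse_sections(text)
    header = sections.get("Header", [])
    os_line = next((l for l in header if l.startswith("Windows")), None)
    # Each flag becomes (section, subject) with the flag wording removed.
    outdated = [
        (name, OUTDATED.sub("", line).strip(" !"))
        for name, lines in sections.items()
        for line in lines
        if OUTDATED.search(line)
    ]
    # Process Check lines end with the image name of the running process.
    processes = [
        line.rsplit(" ", 1)[-1]
        for line in sections.get("Process Check", [])
        if line.lower().endswith(".exe")
    ]
    return {
        "os": os_line,
        "uac_enabled": bool(os_line and "UAC is enabled" in os_line),
        "outdated": outdated,
        "processes": processes,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["os"])
    for section, subject in report["outdated"]:
        print(f"[{section}] needs update: {subject}")
    print("running:", ", ".join(report["processes"]))
```
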

#20
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please update your Vista to SP1 and then to SP2.
  • 0

#21
redleader74

    Member

  • Topic Starter
  • 165 posts
Oh No! I've been infected with the same virus again! I don't know how it happened. After all the previous steps, everything looked fine (as the logs have shown). What caused the problem this time specifically was, I went to open Internet Explorer (I usually used Firefox) and logged onto Yahoo Mail and immediately after getting into the inbox, the same virus pop up windows started popping up again, just like last time. So I'm wondering if this time it specifically has to do with that email account, as I have not logged into that account since the last infection and the last time it happened I was in fact logged into that email account. Please help! Thanks!!!
  • 0

#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I'm sorry for the late reply.

Please run Combofix once again:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#23
redleader74

    Member

  • Topic Starter
  • 165 posts
Ok, I tried running combo fix (made sure to make the name change upon downloading), however, as soon as it started running I got the Windows blue screen of death, the laptop started rebooting and then attempted a file check upon reboot. I bypassed the check by pressing any key and then wound up back on my desktop again.

So I'm afraid to run combo fix again, especially after the BSOD. Ideas?

Thanks!!
  • 0

#24
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply
  • 0

#25
redleader74

    Member

  • Topic Starter
  • 165 posts
Ok, here's the aswMBR log, along with the dat file attached.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 04:01:53
-----------------------------
04:01:53.003 OS Version: Windows 6.0.6000
04:01:53.003 Number of processors: 2 586 0xF0D
04:01:53.003 ComputerName: KC03 UserName:
04:01:57.567 Initialize success
04:03:17.465 AVAST engine defs: 11123000
04:04:52.049 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
04:04:52.054 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
04:04:52.096 Disk 0 MBR read successfully
04:04:52.101 Disk 0 MBR scan
04:04:52.128 Disk 0 Windows VISTA default MBR code
04:04:52.135 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
04:04:52.193 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
04:04:52.238 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292365 MB offset 21133312
04:04:52.267 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
04:04:52.310 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
04:04:52.499 Disk 0 scanning sectors +625139712
04:04:52.601 Disk 0 scanning C:\Windows\system32\drivers
04:05:12.730 Service scanning
04:05:13.979 Service MpKsl660caad1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C7A6FDF-F69F-49C1-9D2A-470BBA21B919}\MpKsl660caad1.sys **LOCKED** 32
04:05:14.027 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
04:05:14.920 Modules scanning
04:05:21.424 Disk 0 trace - called modules:
04:05:21.446 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:05:21.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8ead8]
04:05:21.447 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8428f030]
04:05:23.595 AVAST engine scan C:\Windows
04:05:33.567 AVAST engine scan C:\Windows\system32
04:09:14.760 AVAST engine scan C:\Windows\system32\drivers
04:09:35.796 AVAST engine scan C:\Users\Kwong
05:18:46.590 AVAST engine scan C:\ProgramData
05:21:11.477 Scan finished successfully
08:04:57.838 Disk 0 MBR has been saved successfully to "C:\Users\Kwong\Desktop\MBR.dat"
08:04:57.875 The log file has been saved successfully to "C:\Users\Kwong\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   576bytes   21 downloads

  • 0


#26
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#27
redleader74

    Member

  • Topic Starter
  • 165 posts
Ok, here are the logs from OTL:

OTL Extras logfile created on: 12/31/2011 12:38:15 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kwong\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.76% Memory free
4.22 Gb Paging File | 3.19 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 30.19 Gb Free Space | 10.57% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.88 Gb Free Space | 58.78% Space Free | Partition Type: NTFS

Computer Name: KC03 | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F94607-4C62-456C-AF9F-221ED24512B7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1A406A0E-032F-48B4-BE69-AE9F23B9D2D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{24BEF276-B99F-4AF9-AAF8-0E2CEEBC7B29}" = rport=139 | protocol=6 | dir=out | app=system |
"{2EB7450F-3F9E-4F2C-91CA-D4DCBC064EDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{34431875-9338-4ECF-8CB1-D6C48DB8BDF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{45D9F8FF-A0DF-49DF-81F1-5AB345916DF9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{49816F1B-9438-4781-BB5B-A773157ECE43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7714818F-6BBB-4967-8E87-8EA5C93861EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BDC2F0A-B7BE-439E-AE41-583C75A8D824}" = rport=137 | protocol=17 | dir=out | app=system |
"{AACAAEC5-5321-4EE4-BB2D-67D8AE74471C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FA0CCB83-F2AD-4238-B5FF-E4FB9FF4D7DC}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02448D36-FE62-4D16-BB4C-847C1CFA1513}" = protocol=6 | dir=in | app=c:\users\kwong\appdata\roaming\dropbox\bin\dropbox.exe |
"{1B24B022-A6FC-40DF-9529-7715C2881CC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1B728AD2-D373-4CD4-8D61-0566400455E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{1DB830E9-560E-47D6-B2B7-65D838E60EF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{28CEA68E-59E5-436F-89A7-063260EEDD65}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2B6ABF6A-302F-43D2-B0F4-D6F71F3A4BC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2F237A43-DFCD-4ACE-B496-97794013F4FA}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{42CADCFE-2C55-44BF-AA5C-CB37E9C1CBEA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{448A4E7E-4315-4A1A-B448-886B82D8BC09}" = protocol=1 | dir=in | [email protected],-28543 |
"{46A2BDC4-9FB7-4802-8624-E27A51A31855}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\aawwsc.exe |
"{4B134C7E-E238-4653-8EFC-56A4D548253C}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{503CFFB2-457D-4A26-8774-08C97B6798E5}" = protocol=1 | dir=out | [email protected],-28544 |
"{5673F270-F6FB-412D-B086-47BCB088F8D1}" = protocol=58 | dir=in | [email protected],-28545 |
"{575245CD-CE14-4419-AA2C-01B061A498F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5811833D-A936-4CC2-88EE-3026A236238F}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\aawwsc.exe |
"{586EC2EA-66FC-4CD1-B084-F5B6275D5E8E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{61D910E3-B8DF-4BF9-A3B7-90A913643939}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BFD881F-3DC1-4D03-BA9E-2EC7228AF5FF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6C7A3C35-0EF5-4A0D-A7F2-61AB851EE3D1}" = protocol=58 | dir=out | [email protected],-28546 |
"{75CCFEF0-4D0A-44CF-966B-D7EB5A9372C3}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\aawwsc.exe |
"{788FFAB1-C4F4-4D9A-ABA8-B4D99E128740}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8AB41C04-8834-4DED-9F3F-C5B532831050}" = protocol=17 | dir=in | app=c:\users\kwong\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B6AA329-A82A-406B-99EB-B565EC58C547}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8D9EB3D2-D3D0-42BC-BE4C-A069DA41A3B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{94F4E4CA-970F-42EE-BE9F-D77ED93996D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{9D2242BC-1C2F-4376-B149-E5A067B6DC77}" = protocol=58 | dir=in | [email protected],-28545 |
"{9DF0FAD6-DB7E-4482-AA34-51D6EB2B4CB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A0275B5D-6FF3-46FF-9694-314291183B04}" = protocol=58 | dir=out | [email protected],-28546 |
"{A6604856-9A86-4C3A-B632-D92951292214}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\aawwsc.exe |
"{A73D2202-BBD2-456B-AAC1-9EBF09887E24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A875D193-CFAA-4917-AC85-23E074B1A7B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B7311BF0-DDCC-44B0-B8CD-5D7EAA870386}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{BF0074E0-2FE3-4A2E-88B7-24B2D242EAD7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C0423C48-4AAC-495E-91B0-8982818E02C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C17140C6-9EC7-49F2-821D-6836B6BA1B5B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C8D7F369-F9B0-4835-BAB9-3D29B2AF6468}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{CB0187C0-40A2-4DDE-9533-3CCD86EF8D50}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{D09DEB93-A7AC-481B-AC40-D6D8B6042090}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D90CA1C2-26E3-4DD7-8AFC-23503023C7BD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E6549661-AB76-46A2-9235-5B59D230B0F3}" = protocol=1 | dir=in | [email protected],-28543 |
"{E96F7802-C650-4121-B647-C8C2191A575E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC251EEB-E210-4227-8731-4058CB2CCD9B}" = protocol=1 | dir=out | [email protected],-28544 |
"{EFDD5137-1FC1-4040-BAFE-A7AC16271A93}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{191B1055-E545-4B89-89C1-36F0AD4C9693}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1C6B93B1-99F2-471D-923E-1BC727D56D68}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{28F5352E-A891-4E50-8D8A-D7CF8A487E86}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{383DC961-0735-468E-8AC6-3AC9F4F02D83}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{398EE28F-4092-42A8-8092-1C5C3AC1E727}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{55D5C625-C227-47BC-BCFE-1DCD954FE596}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{6D0AFDD4-4951-4A52-8ACA-DAD6615D8816}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{79647C7C-250F-4202-B429-01486F2F96DF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{BD44AB62-AEA9-4F9A-B21F-81F89F086DE3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D600FEC9-9E93-4C28-8321-95CF2EB45A8E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{DFBBA2DF-8EFA-434D-AF51-C05EAB1E9971}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F25135BC-C040-47CF-81EF-3DBC053905B9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{F80107E8-A1EA-49BB-92CA-A90F54D9472B}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{0218BE51-A0B7-4918-8F38-AA58E1CF1D49}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{1B561B7E-3558-466B-B48E-BE059D153EBC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1DBFC25E-9EE0-469B-9AA7-FCED0D76605E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{227B4861-C602-404A-A733-911D40AF46C5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{2AD6C477-CA3E-44F7-9068-4CFD6229E4F6}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{33850B62-8ABD-4E21-A9B1-A1AC54D6C27F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4235A945-6E60-4201-BB24-B52FF4B5DD24}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{70B5649A-AE41-45CF-9762-A8388D2C4C70}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7C9FF565-7EE4-421D-A60C-4EE622EB00C6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{960CF617-9159-4F1F-9462-4B4CF9E5F993}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{A4CEA0DF-1BFC-49DC-BD90-5BE99C5115A1}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{B1D323F2-7833-4D6D-A158-BCFBCD5A24A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BEDB409B-5048-47B0-8C29-0F167E62E88B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{75D48CBE-DE70-44AB-B631-C3E60F5184D5}" = STOIK Video Converter 3
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C1CEAB5E-23FE-4D62-96D7-AE2744367FD7}" = Cozi
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE318321-7909-4D3E-8540-EFED111E1786}" = STOIK Video Converter 3
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"0D5930BD8653120870DA6E7F2150CA8AB1CF22A5" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Any Audio Converter_is1" = Any Audio Converter 3.2.7
"Audacity_is1" = Audacity 1.2.6
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Desktop Screen Record 5_is1" = Desktop Screen Record 5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GoToAssist" = GoToAssist Corporate
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"iSnooze" = iSnooze 1.3.3
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOKR" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"ReNamer_is1" = ReNamer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = Dell Touchpad
"The Journal 4_is1" = The Journal 4
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"TibetSystem - Uninstall Web Viewer" = Uninstall Web Viewer
"ViewpointMediaPlayer" = Viewpoint Media Player
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"757980bd62c97274" = Downloadr
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2011 7:22:30 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2515547

Error - 4/4/2011 7:22:31 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 7:22:31 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2516545

Error - 4/4/2011 7:22:31 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2516545

Error - 4/4/2011 7:22:32 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 7:22:32 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2517544

Error - 4/4/2011 7:22:32 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2517544

Error - 4/4/2011 7:22:33 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 7:22:33 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2518558

Error - 4/4/2011 7:22:33 PM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2518558

[ OSession Events ]
Error - 11/9/2010 10:27:06 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 764784
seconds with 4980 seconds of active time. This session ended with a crash.

Error - 1/9/2011 11:08:52 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13876
seconds with 240 seconds of active time. This session ended with a crash.

Error - 3/22/2011 7:57:14 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 452041
seconds with 2580 seconds of active time. This session ended with a crash.

Error - 3/22/2011 7:58:48 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 80
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/1/2011 11:06:33 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78798
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/2/2011 4:11:40 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18201
seconds with 420 seconds of active time. This session ended with a crash.

Error - 7/13/2011 3:15:02 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11975
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 9/25/2011 5:41:48 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55317
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/16/2011 3:07:08 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 346411
seconds with 4080 seconds of active time. This session ended with a crash.

Error - 12/17/2011 2:22:49 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/28/2011 11:47:20 PM | Computer Name = KC03 | Source = Service Control Manager | ID = 7000
Description =

Error - 12/28/2011 11:47:20 PM | Computer Name = KC03 | Source = Service Control Manager | ID = 7000
Description =

Error - 12/28/2011 11:48:03 PM | Computer Name = KC03 | Source = Service Control Manager | ID = 7022
Description =

Error - 12/28/2011 11:48:07 PM | Computer Name = KC03 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/28/2011 11:55:27 PM | Computer Name = KC03 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/28/2011 11:55:28 PM | Computer Name = KC03 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/28/2011 11:55:47 PM | Computer Name = KC03 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume DRIVE_C.

Error - 12/28/2011 11:57:48 PM | Computer Name = KC03 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/29/2011 1:38:14 AM | Computer Name = KC03 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:35:51 PM on 12/28/2011 was unexpected.

Error - 12/29/2011 11:24:32 PM | Computer Name = KC03 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >



OTL logfile created on: 12/31/2011 12:38:15 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kwong\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.76% Memory free
4.22 Gb Paging File | 3.19 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 30.19 Gb Free Space | 10.57% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.88 Gb Free Space | 58.78% Space Free | Partition Type: NTFS

Computer Name: KC03 | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 00:35:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
PRC - [2010/11/30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/05/11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/26 17:26:22 | 000,753,664 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/11 08:01:47 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 08:19:50 | 000,569,344 | ---- | M] (Progoth.com) -- C:\Program Files\iSnooze\iSnooze.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/05/22 14:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/19 18:14:44 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 04:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 23:36:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA85CD73-451A-496F-AFD7-FE9383B75172}\MpKslfe033611.sys -- (MpKslfe033611)
DRV - [2010/10/24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/12 04:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/14 16:25:00 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/10 01:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/02/02 22:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/06 22:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/09/04 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 03:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 19:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/09/04 23:42:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/06 22:42:04 | 000,000,000 | ---D | M]

[2011/07/11 06:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kwong\AppData\Roaming\Mozilla\Extensions
[2011/11/16 03:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/16 23:40:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/16 03:48:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 23:47:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/16 03:48:24 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/20 14:55:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..Trusted Domains: bankofamerica.com ([bills] https in Trusted sites)
O15 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..Trusted Domains: lorexddns.net ([cpcoakland] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab (RemoteDvr Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14731478-248E-4EB2-9108-8C2C748D6A10}: NameServer = 172.18.7.170 172.18.7.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 00:35:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
[2011/12/30 03:56:25 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Kwong\Desktop\aswMBR.exe
[2011/12/28 21:36:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/28 21:25:55 | 004,353,794 | R--- | C] (Swearware) -- C:\Users\Kwong\Desktop\Combo-Fix.exe
[2011/12/28 01:04:27 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Apple
[2011/12/27 19:51:51 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Adobe
[2011/12/26 18:08:54 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Apple Computer
[2011/12/26 00:51:39 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Broadcom
[2011/12/25 02:44:48 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Apps
[2011/12/20 15:01:41 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\temp
[2011/12/20 14:55:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 00:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/16 02:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/15 22:11:12 | 000,000,000 | ---D | C] -- C:\Users\Kwong\Desktop\2012-12 Xmas Presents

========== Files - Modified Within 30 Days ==========

[2011/12/31 00:35:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
[2011/12/31 00:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 00:29:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 00:24:50 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 00:24:50 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 23:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 08:06:42 | 000,000,576 | ---- | M] () -- C:\Users\Kwong\Desktop\MBR.zip
[2011/12/30 08:04:57 | 000,000,512 | ---- | M] () -- C:\Users\Kwong\Desktop\MBR.dat
[2011/12/30 03:56:47 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Kwong\Desktop\aswMBR.exe
[2011/12/28 22:24:08 | 000,638,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 22:24:08 | 000,111,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 21:37:46 | 329,977,290 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 21:26:03 | 004,353,794 | R--- | M] (Swearware) -- C:\Users\Kwong\Desktop\Combo-Fix.exe
[2011/12/28 21:12:31 | 000,018,944 | -H-- | M] () -- C:\Users\Kwong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 09:52:46 | 000,000,031 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
[2011/12/26 09:52:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\RmUserCfg.ini
[2011/12/25 04:27:50 | 000,000,876 | -HS- | M] () -- C:\Windows\9027656drv.spi
[2011/12/25 02:23:29 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/25 02:16:01 | 000,011,796 | --S- | M] () -- C:\Users\Kwong\AppData\Local\d31w03803t6bly5mr8gi647
[2011/12/25 02:16:01 | 000,011,796 | --S- | M] () -- C:\ProgramData\d31w03803t6bly5mr8gi647
[2011/12/24 09:59:14 | 000,023,552 | ---- | M] () -- C:\Users\Kwong\Desktop\PG&E You Have a New Energy Statement.msg
[2011/12/24 09:59:00 | 000,028,160 | ---- | M] () -- C:\Users\Kwong\Desktop\You have a new bill from Pacific Gas & Electric.msg
[2011/12/23 23:58:42 | 007,060,871 | ---- | M] () -- C:\Users\Kwong\Desktop\2012-12 Xmas Cards.pdf
[2011/12/21 01:38:52 | 008,010,213 | ---- | M] () -- C:\Users\Kwong\Desktop\The Christmas Song - Judy Garland & Mel Tormé (The Judy Garland Christmas Show).mp3
[2011/12/20 15:59:47 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/20 14:59:31 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/20 14:59:31 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/20 14:55:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/20 12:50:30 | 000,010,038 | --S- | M] () -- C:\Users\Kwong\AppData\Local\3a43nk4r53b600
[2011/12/20 12:50:30 | 000,010,038 | --S- | M] () -- C:\ProgramData\3a43nk4r53b600
[2011/12/15 02:29:09 | 000,052,992 | ---- | M] () -- C:\Users\Kwong\Desktop\https___parkcentral.parking.com_BarCodeWrapper.pdf
[2011/12/09 23:25:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/05 23:37:49 | 000,094,061 | ---- | M] () -- C:\Users\Kwong\Desktop\2011-12-05 Handbell Glove Order.pdf

========== Files Created - No Company Name ==========

[2011/12/30 08:06:42 | 000,000,576 | ---- | C] () -- C:\Users\Kwong\Desktop\MBR.zip
[2011/12/30 08:04:57 | 000,000,512 | ---- | C] () -- C:\Users\Kwong\Desktop\MBR.dat
[2011/12/25 03:47:41 | 000,000,876 | -HS- | C] () -- C:\Windows\9027656drv.spi
[2011/12/24 15:47:10 | 000,011,796 | --S- | C] () -- C:\Users\Kwong\AppData\Local\d31w03803t6bly5mr8gi647
[2011/12/24 15:47:10 | 000,011,796 | --S- | C] () -- C:\ProgramData\d31w03803t6bly5mr8gi647
[2011/12/24 09:59:14 | 000,023,552 | ---- | C] () -- C:\Users\Kwong\Desktop\PG&E You Have a New Energy Statement.msg
[2011/12/24 09:59:00 | 000,028,160 | ---- | C] () -- C:\Users\Kwong\Desktop\You have a new bill from Pacific Gas & Electric.msg
[2011/12/21 01:26:11 | 008,010,213 | ---- | C] () -- C:\Users\Kwong\Desktop\The Christmas Song - Judy Garland & Mel Tormé (The Judy Garland Christmas Show).mp3
[2011/12/20 12:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/20 12:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/20 07:58:02 | 000,010,038 | --S- | C] () -- C:\Users\Kwong\AppData\Local\3a43nk4r53b600
[2011/12/20 07:58:02 | 000,010,038 | --S- | C] () -- C:\ProgramData\3a43nk4r53b600
[2011/12/16 00:31:24 | 007,060,871 | ---- | C] () -- C:\Users\Kwong\Desktop\2012-12 Xmas Cards.pdf
[2011/12/15 02:29:14 | 000,052,992 | ---- | C] () -- C:\Users\Kwong\Desktop\https___parkcentral.parking.com_BarCodeWrapper.pdf
[2011/12/12 02:24:27 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/09 23:25:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/05 23:38:07 | 000,094,061 | ---- | C] () -- C:\Users\Kwong\Desktop\2011-12-05 Handbell Glove Order.pdf
[2011/11/26 23:11:24 | 000,018,944 | -H-- | C] () -- C:\Users\Kwong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 23:32:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\uninst.exe
[2011/09/02 23:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\dvr2.ini
[2011/06/03 21:48:06 | 000,000,208 | -H-- | C] () -- C:\ProgramData\RmUserCfg.ini
[2011/06/03 21:48:06 | 000,000,031 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2011/05/21 14:00:56 | 000,001,504 | --S- | C] () -- C:\Users\Kwong\AppData\Local\w7tkmxsa7y27k2i4k25v0l
[2011/05/21 14:00:56 | 000,001,504 | --S- | C] () -- C:\ProgramData\w7tkmxsa7y27k2i4k25v0l
[2011/04/21 18:01:56 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/05 21:33:34 | 000,048,128 | ---- | C] () -- C:\Windows\System32\HiDvrOcxCHT.dll
[2011/03/05 21:33:34 | 000,048,128 | ---- | C] () -- C:\Windows\System32\HiDvrOcxCHS.dll
[2010/08/26 02:33:26 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2010/08/26 02:33:01 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/19 18:40:27 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/05/21 04:03:21 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/04/28 22:32:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/06 22:41:40 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/25 13:47:42 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2009/12/25 13:47:42 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/12/19 09:33:28 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/04 19:27:51 | 000,000,163 | ---- | C] () -- C:\Users\Kwong\AppData\Roaming\default.rss
[2009/08/04 09:03:30 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/05/23 04:29:56 | 000,116,841 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/04/10 14:07:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/04/10 14:07:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/04/10 14:07:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/03/22 23:05:21 | 000,179,909 | ---- | C] () -- C:\Windows\hpwins14.dat
[2009/03/22 23:05:21 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2009/03/10 11:03:36 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/03/09 13:44:17 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2009/03/08 15:41:40 | 000,077,824 | ---- | C] () -- C:\Windows\System32\adistres.dll
[2009/03/06 21:22:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/06 21:22:34 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2009/03/06 21:22:26 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2009/03/05 18:57:38 | 000,174,171 | ---- | C] () -- C:\Users\Kwong\AppData\Roaming\nvModes.001
[2009/03/05 18:57:37 | 000,174,171 | ---- | C] () -- C:\Users\Kwong\AppData\Roaming\nvModes.dat
[2009/03/05 18:41:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/05 18:12:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/02/21 11:26:58 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,344,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,638,696 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,111,078 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/01 23:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2010/08/01 07:47:37 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\7E55410E11ED098331C6E564EEB2EA4C
[2009/03/11 20:35:46 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\acccore
[2011/06/22 22:48:37 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\AnvSoft
[2011/07/07 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Any Audio Converter
[2011/07/17 23:30:59 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Downloadr
[2011/08/24 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Dropbox
[2009/04/29 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\ESRI
[2010/02/21 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Facebook
[2011/08/15 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\GARMIN
[2009/03/08 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\InterTrust
[2011/04/14 18:49:54 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Leadertech
[2011/04/14 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Memeo
[2010/09/16 21:13:06 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\Nokia
[2010/06/23 23:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\PC Suite
[2011/03/05 08:42:18 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\PCDr
[2011/07/14 08:14:17 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\The Journal
[2011/04/21 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\ThumbsPlus
[2011/04/11 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Kwong\AppData\Roaming\tmp
[2010/05/27 22:58:26 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\PC Suite
[2010/05/27 23:12:51 | 000,000,000 | ---D | M] -- C:\Users\Visitor\AppData\Roaming\Nokia
[2010/06/29 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Visitor\AppData\Roaming\PC Suite
[2010/07/17 08:54:26 | 000,000,000 | ---D | M] -- C:\Users\Visitor\AppData\Roaming\ThumbsPlus
[2011/12/20 15:59:48 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/11 08:01:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 08:01:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2009/04/11 08:01:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) MD5=4CBE2BD48A10404A7CB9FA9D45FD77A3 -- C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe
[2009/04/11 08:01:45 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 08:01:45 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:01:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 01:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 01:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\ERDNT\cache\svchost.exe
[2006/11/02 01:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 01:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/11/02 01:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\ERDNT\cache\userinit.exe
[2006/11/02 01:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 01:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/22 22:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2010/02/22 22:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/16 03:48:22 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/16 03:48:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/22 20:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/22 22:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2010/02/22 22:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:64202D1C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BC0013C8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#28
Render

    Trusted Helper

  • Malware Removal
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

#29
redleader74

    Member

  • Topic Starter
Sorry for the delay. Here's the TDSS Killer log:


01:52:51.0686 5928 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
01:52:52.0199 5928 ============================================================
01:52:52.0199 5928 Current date / time: 2012/01/07 01:52:52.0199
01:52:52.0199 5928 SystemInfo:
01:52:52.0199 5928
01:52:52.0199 5928 OS Version: 6.0.6000 ServicePack: 0.0
01:52:52.0199 5928 Product type: Workstation
01:52:52.0199 5928 ComputerName: KC03
01:52:52.0200 5928 UserName: Kwong
01:52:52.0200 5928 Windows directory: C:\Windows
01:52:52.0200 5928 System windows directory: C:\Windows
01:52:52.0200 5928 Processor architecture: Intel x86
01:52:52.0200 5928 Number of processors: 2
01:52:52.0200 5928 Page size: 0x1000
01:52:52.0200 5928 Boot type: Normal boot
01:52:52.0200 5928 ============================================================
01:53:00.0193 5928 Initialize success
01:53:59.0714 3908 ============================================================
01:53:59.0714 3908 Scan started
01:53:59.0715 3908 Mode: Manual; SigCheck; TDLFS;
01:53:59.0715 3908 ============================================================
01:54:12.0613 3908 iaStor - ok
01:54:12.0643 3908 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
01:54:12.0711 3908 iaStorV - ok
01:54:12.0759 3908 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:54:12.0787 3908 iirsp - ok
01:54:12.0857 3908 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
01:54:12.0877 3908 intelide - ok
01:54:12.0913 3908 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
01:54:13.0020 3908 intelppm - ok
01:54:13.0080 3908 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:54:13.0177 3908 IpFilterDriver - ok
01:54:13.0198 3908 IpInIp - ok
01:54:13.0241 3908 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
01:54:13.0340 3908 IPMIDRV - ok
01:54:13.0369 3908 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
01:54:13.0506 3908 IPNAT - ok
01:54:13.0551 3908 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
01:54:13.0641 3908 IRENUM - ok
01:54:13.0681 3908 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
01:54:13.0725 3908 isapnp - ok
01:54:13.0768 3908 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
01:54:13.0822 3908 iScsiPrt - ok
01:54:13.0872 3908 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:54:13.0897 3908 iteatapi - ok
01:54:13.0930 3908 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:54:13.0956 3908 iteraid - ok
01:54:13.0998 3908 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
01:54:14.0023 3908 kbdclass - ok
01:54:14.0058 3908 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
01:54:14.0118 3908 kbdhid - ok
01:54:14.0168 3908 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
01:54:14.0229 3908 KSecDD - ok
01:54:14.0351 3908 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
01:54:14.0445 3908 Lbd - ok
01:54:14.0513 3908 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
01:54:14.0626 3908 lltdio - ok
01:54:14.0703 3908 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
01:54:14.0731 3908 LSI_FC - ok
01:54:14.0777 3908 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
01:54:14.0803 3908 LSI_SAS - ok
01:54:14.0889 3908 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
01:54:14.0917 3908 LSI_SCSI - ok
01:54:14.0947 3908 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
01:54:15.0034 3908 luafv - ok
01:54:15.0183 3908 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
01:54:15.0205 3908 megasas - ok
01:54:15.0290 3908 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
01:54:15.0415 3908 Modem - ok
01:54:16.0445 3908 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
01:54:16.0552 3908 monitor - ok
01:54:16.0688 3908 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
01:54:16.0758 3908 mouclass - ok
01:54:16.0849 3908 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
01:54:16.0952 3908 mouhid - ok
01:54:17.0006 3908 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
01:54:17.0038 3908 MountMgr - ok
01:54:17.0093 3908 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
01:54:17.0233 3908 MpFilter - ok
01:54:17.0293 3908 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
01:54:17.0364 3908 mpio - ok
01:54:17.0440 3908 MpKsl09952ef0 - ok
01:54:17.0483 3908 MpKsl1ce0517c - ok
01:54:17.0572 3908 MpKsl2e8a59be - ok
01:54:17.0597 3908 MpKsl2fcfde35 - ok
01:54:17.0608 3908 MpKsl408b2f9b - ok
01:54:17.0634 3908 MpKsl4eb53418 - ok
01:54:17.0645 3908 MpKsl5a9698c0 - ok
01:54:17.0654 3908 MpKsl70fa2d21 - ok
01:54:17.0666 3908 MpKsl7379d252 - ok
01:54:17.0677 3908 MpKsl8081cd3d - ok
01:54:17.0690 3908 MpKsl912dc92a - ok
01:54:17.0700 3908 MpKsla42d33f8 - ok
01:54:17.0715 3908 MpKsla45d8283 - ok
01:54:17.0725 3908 MpKsla9af59df - ok
01:54:17.0734 3908 MpKslad1b5829 - ok
01:54:17.0780 3908 MpKslbcabd8bd - ok
01:54:17.0791 3908 MpKslbd4218eb - ok
01:54:17.0811 3908 MpKslbdff761a - ok
01:54:17.0823 3908 MpKslc2eabbbc - ok
01:54:17.0834 3908 MpKslc66d7081 - ok
01:54:17.0843 3908 MpKslc70a5496 - ok
01:54:17.0854 3908 MpKslcde93f29 - ok
01:54:17.0970 3908 MpKsld03a2148 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C28AE4ED-1A33-4865-B7FD-845C81E6C1BA}\MpKsld03a2148.sys
01:54:18.0006 3908 MpKsld03a2148 - ok
01:54:18.0027 3908 MpKsld549ee49 - ok
01:54:18.0050 3908 MpKsld56e7856 - ok
01:54:18.0071 3908 MpKsld7826e40 - ok
01:54:18.0117 3908 MpKslda51f98e - ok
01:54:18.0129 3908 MpKsldd103044 - ok
01:54:18.0146 3908 MpKsldd36b19c - ok
01:54:18.0159 3908 MpKsleea75b4b - ok
01:54:18.0175 3908 MpKslf72a38a6 - ok
01:54:18.0192 3908 MpKslf73c62d6 - ok
01:54:18.0290 3908 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
01:54:18.0322 3908 MpNWMon - ok
01:54:18.0380 3908 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
01:54:18.0486 3908 mpsdrv - ok
01:54:18.0539 3908 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:54:18.0560 3908 Mraid35x - ok
01:54:18.0605 3908 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
01:54:18.0696 3908 MRxDAV - ok
01:54:18.0729 3908 mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:54:18.0795 3908 mrxsmb - ok
01:54:18.0841 3908 mrxsmb10 (2bbd3970018270d2c6a0b069f568154e) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:54:18.0955 3908 mrxsmb10 - ok
01:54:18.0993 3908 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:54:19.0084 3908 mrxsmb20 - ok
01:54:19.0146 3908 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
01:54:19.0167 3908 msahci - ok
01:54:19.0209 3908 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
01:54:19.0236 3908 msdsm - ok
01:54:19.0286 3908 MSDV (810b16faa4673e09ce0f6a1ee9ed96ee) C:\Windows\system32\DRIVERS\msdv.sys
01:54:19.0397 3908 MSDV - ok
01:54:19.0491 3908 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
01:54:19.0641 3908 Msfs - ok
01:54:19.0844 3908 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
01:54:19.0942 3908 msisadrv - ok
01:54:20.0159 3908 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
01:54:20.0271 3908 MSKSSRV - ok
01:54:20.0374 3908 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
01:54:20.0461 3908 MSPCLOCK - ok
01:54:20.0512 3908 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
01:54:20.0647 3908 MSPQM - ok
01:54:21.0228 3908 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
01:54:21.0267 3908 MsRPC - ok
01:54:21.0368 3908 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
01:54:21.0424 3908 mssmbios - ok
01:54:21.0527 3908 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
01:54:21.0688 3908 MSTEE - ok
01:54:21.0842 3908 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
01:54:21.0868 3908 Mup - ok
01:54:21.0968 3908 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\Windows\system32\DRIVERS\mxopswd.sys
01:54:22.0082 3908 MXOPSWD - ok
01:54:22.0157 3908 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
01:54:22.0318 3908 NativeWifiP - ok
01:54:22.0370 3908 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
01:54:22.0582 3908 NDIS - ok
01:54:22.0701 3908 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
01:54:22.0815 3908 NdisTapi - ok
01:54:22.0984 3908 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
01:54:23.0098 3908 Ndisuio - ok
01:54:23.0257 3908 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
01:54:23.0454 3908 NdisWan - ok
01:54:23.0540 3908 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
01:54:23.0687 3908 NDProxy - ok
01:54:23.0912 3908 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
01:54:24.0146 3908 NetBIOS - ok
01:54:24.0261 3908 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
01:54:24.0382 3908 netbt - ok
01:54:24.0858 3908 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
01:54:25.0104 3908 NETw4v32 - ok
01:54:25.0217 3908 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:54:25.0240 3908 nfrd960 - ok
01:54:25.0325 3908 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
01:54:25.0437 3908 nmwcd - ok
01:54:25.0475 3908 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
01:54:25.0555 3908 nmwcdc - ok
01:54:25.0702 3908 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
01:54:25.0798 3908 Npfs - ok
01:54:25.0823 3908 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
01:54:25.0906 3908 nsiproxy - ok
01:54:25.0958 3908 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
01:54:26.0190 3908 Ntfs - ok
01:54:26.0234 3908 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:54:26.0328 3908 ntrigdigi - ok
01:54:26.0380 3908 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
01:54:26.0439 3908 Null - ok
01:54:26.0736 3908 nvlddmkm (1e4292406ebb5224cb1124fbd272ade3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:54:27.0233 3908 nvlddmkm - ok
01:54:27.0347 3908 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
01:54:27.0387 3908 nvraid - ok
01:54:27.0417 3908 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
01:54:27.0524 3908 nvstor - ok
01:54:27.0577 3908 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
01:54:27.0635 3908 nv_agp - ok
01:54:27.0648 3908 NwlnkFlt - ok
01:54:27.0668 3908 NwlnkFwd - ok
01:54:27.0733 3908 OEM02Dev (f95440e0780826417624e66a9171bfb7) C:\Windows\system32\DRIVERS\OEM02Dev.sys
01:54:27.0801 3908 OEM02Dev - ok
01:54:27.0850 3908 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
01:54:27.0901 3908 OEM02Vfx - ok
01:54:27.0964 3908 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
01:54:28.0105 3908 ohci1394 - ok
01:54:28.0167 3908 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:54:28.0233 3908 Parport - ok
01:54:28.0254 3908 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
01:54:28.0279 3908 partmgr - ok
01:54:28.0306 3908 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:54:28.0395 3908 Parvdm - ok
01:54:28.0457 3908 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
01:54:28.0549 3908 pccsmcfd - ok
01:54:28.0586 3908 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
01:54:28.0635 3908 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
01:54:28.0699 3908 pci - ok
01:54:28.0753 3908 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
01:54:28.0777 3908 pciide - ok
01:54:28.0810 3908 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:54:28.0847 3908 pcmcia - ok
01:54:28.0909 3908 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:54:29.0104 3908 PEAUTH - ok
01:54:29.0238 3908 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
01:54:29.0301 3908 PptpMiniport - ok
01:54:29.0326 3908 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
01:54:29.0435 3908 Processor - ok
01:54:29.0498 3908 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
01:54:29.0618 3908 PSched - ok
01:54:29.0694 3908 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
01:54:29.0735 3908 PxHelp20 - ok
01:54:29.0797 3908 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
01:54:29.0910 3908 ql2300 - ok
01:54:29.0946 3908 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:54:29.0986 3908 ql40xx - ok
01:54:30.0021 3908 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
01:54:30.0080 3908 QWAVEdrv - ok
01:54:30.0122 3908 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
01:54:30.0255 3908 RasAcd - ok
01:54:30.0310 3908 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:54:30.0419 3908 Rasl2tp - ok
01:54:30.0464 3908 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
01:54:30.0548 3908 RasPppoe - ok
01:54:30.0588 3908 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
01:54:30.0700 3908 rdbss - ok
01:54:30.0732 3908 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:54:30.0820 3908 RDPCDD - ok
01:54:30.0870 3908 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
01:54:30.0992 3908 rdpdr - ok
01:54:31.0009 3908 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
01:54:31.0103 3908 RDPENCDD - ok
01:54:31.0150 3908 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
01:54:31.0273 3908 RDPWD - ok
01:54:31.0349 3908 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
01:54:31.0454 3908 RFCOMM - ok
01:54:31.0511 3908 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
01:54:31.0614 3908 rimmptsk - ok
01:54:31.0654 3908 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
01:54:31.0689 3908 rimsptsk - ok
01:54:31.0789 3908 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
01:54:31.0831 3908 rismxdp - ok
01:54:31.0885 3908 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
01:54:31.0961 3908 rspndr - ok
01:54:31.0999 3908 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:54:32.0028 3908 sbp2port - ok
01:54:32.0067 3908 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
01:54:32.0151 3908 sdbus - ok
01:54:32.0181 3908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:54:32.0282 3908 secdrv - ok
01:54:32.0329 3908 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:54:32.0425 3908 Serenum - ok
01:54:32.0462 3908 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:54:32.0600 3908 Serial - ok
01:54:32.0656 3908 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
01:54:32.0708 3908 sermouse - ok
01:54:32.0779 3908 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\DRIVERS\sffdisk.sys
01:54:32.0879 3908 sffdisk - ok
01:54:32.0908 3908 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
01:54:33.0002 3908 sffp_mmc - ok
01:54:33.0046 3908 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\DRIVERS\sffp_sd.sys
01:54:33.0130 3908 sffp_sd - ok
01:54:33.0158 3908 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:54:33.0274 3908 sfloppy - ok
01:54:33.0355 3908 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
01:54:33.0386 3908 sisagp - ok
01:54:33.0415 3908 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
01:54:33.0455 3908 SiSRaid2 - ok
01:54:33.0497 3908 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
01:54:33.0521 3908 SiSRaid4 - ok
01:54:33.0564 3908 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
01:54:33.0670 3908 Smb - ok
01:54:33.0721 3908 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
01:54:33.0742 3908 spldr - ok
01:54:33.0910 3908 srv (c962e98179e54b769028c025c7e470a5) C:\Windows\system32\DRIVERS\srv.sys
01:54:34.0116 3908 srv - ok
01:54:34.0570 3908 srv2 (e8c4d5bca3c7b5c2a040052aa467b5bf) C:\Windows\system32\DRIVERS\srv2.sys
01:54:34.0744 3908 srv2 - ok
01:54:34.0978 3908 srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
01:54:35.0145 3908 srvnet - ok
01:54:36.0371 3908 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
01:54:37.0079 3908 STHDA - ok
01:54:37.0884 3908 StillCam (7a95b5deb594616f1693486b8161411e) C:\Windows\system32\DRIVERS\serscan.sys
01:54:38.0148 3908 StillCam - ok
01:54:40.0894 3908 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
01:54:41.0154 3908 swenum - ok
01:54:41.0496 3908 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:54:41.0903 3908 Symc8xx - ok
01:54:42.0061 3908 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:54:42.0138 3908 Sym_hi - ok
01:54:42.0264 3908 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:54:42.0344 3908 Sym_u3 - ok
01:54:42.0576 3908 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
01:54:42.0774 3908 SynTP - ok
01:54:43.0152 3908 Tcpip (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\drivers\tcpip.sys
01:54:43.0651 3908 Tcpip - ok
01:54:44.0117 3908 Tcpip6 (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\DRIVERS\tcpip.sys
01:54:44.0344 3908 Tcpip6 - ok
01:54:44.0477 3908 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
01:54:44.0628 3908 tcpipreg - ok
01:54:44.0688 3908 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
01:54:44.0871 3908 TDPIPE - ok
01:54:44.0931 3908 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
01:54:45.0258 3908 TDTCP - ok
01:54:45.0402 3908 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
01:54:45.0559 3908 tdx - ok
01:54:46.0328 3908 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
01:54:46.0374 3908 TermDD - ok
01:54:47.0006 3908 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
01:54:48.0261 3908 TrueSight ( UnsignedFile.Multi.Generic ) - warning
01:54:48.0261 3908 TrueSight - detected UnsignedFile.Multi.Generic (1)
01:54:50.0472 3908 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
01:54:50.0508 3908 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
01:54:50.0508 3908 USBAAPL - detected UnsignedFile.Multi.Generic (1)
01:54:55.0168 3908 ============================================================
01:54:55.0168 3908 Scan finished
01:54:55.0168 3908 ============================================================
01:54:55.0181 6056 Detected object count: 2
01:54:55.0182 6056 Actual detected object count: 2
02:02:08.0082 6056 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:08.0082 6056 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:08.0085 6056 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:08.0086 6056 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:03:26.0498 4100 Deinitialize success
  • 0

#30
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion, click the link to locate the zip file to upload, and attach it to your next post

  • 0





