Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win7 Antivirus 2012-- I suspect remnants

Started by JeremyK , Dec 18 2011 12:32 PM

  • Please log in to reply

#31
RKinner
Posted 24 December 2011 - 02:30 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Open up the Services window as before and find the IPsec Policy Agent. Right click on it and select Properties then click on the LogOn Tab. It should show that it logs on with Network Service. Does it?

Look at the same thing in BFE. It should say it logs on in Local Service.

Continue for the other services that depend on BFE

IKE and AuthIP IPsec Keying Modules Local Service (just checked, no password given)

Internet Connection Sharing (ICS) Local Service (just checked, no password given)

Routing and Remote Access Local Service (just checked, no password given)

Windows Firewall Local Service with password

Then I found this:

http://answers.micro...44-4651a2214cdf

See if you can figure out what the links that guitarman888 gives are trying to tell you to do. The second one
The Windows Firewall Service Fails to start – Checking Privilege Access
sounds promising.

Skip this for now. See post #35.

Have a nice trip. I never close a thread but if something happens you can always PM me.
  • 0

Advertisements

#32
JeremyK
Posted 24 December 2011 - 06:56 AM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
A little crunched for time in the hustle to get to the airport. I went through the services. The only one that was passworded was IPsec Policy Agent.

IKE and AuthIP IPsec Keying Modules Local Service (just checked, no password given)

Internet Connection Sharing (ICS) Local Service (just checked, no password given)

Routing and Remote Access Local Service (just checked, no password given)

Were each set to local system account with no password.

Windows Firewall Local Service did not exist. I've attached a screenshot for verification.

I did not have a chance to look through the microsoft link you sent. I'll do that Thursday for sure.

I'll touch base upon my return. Thanks again and have a good holiday.

Jeremy

Attached Thumbnails

  • no fire wall.JPG

  • 0

#33
RKinner
Posted 24 December 2011 - 09:15 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When you get back we will try adding the firewall service to the registry. Most of the other services would just have complained that a dependency was missing but BFE is odd.
  • 0

#34
RKinner
Posted 24 December 2011 - 01:33 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download, Save the attachment. Right click on it and Extract All then right click on mpssvc fix.reg and MERGE.

Then check in Services to see if Windows Firewall is there.

Ron
  • 0

#35
RKinner
Posted 26 December 2011 - 05:30 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
After you reinstall the firewall I have the solution for BFE:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and go back into Services and see if BFE is running.
  • 0

#36
JeremyK
Posted 29 December 2011 - 11:06 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hey Ron,

I'm back and going to work on the PC.

I looked over the microsoft link you provided... I have to admit I did not make it very far into the post before getting lost. So I don't think I accomplished much there.

I merged the registry file you provided. I went back and checked the active services. Still no mention of "Windows Fire Wall." I did not follow your instructions on your most recent post since the firewall was not present. I did not want to proceed unless it was okay to do so in the absence of the firewall.

Also, I just noticed the wscsvc entry running under services. It is noted as delayed. Is this normal? Seems pretty generic... A google search revealed that this is sometimes a trojan. I've posted a screen cap.

Thanks,
Jeremy

Edited by JeremyK, 29 December 2011 - 11:11 PM.

  • 0

#37
JeremyK
Posted 29 December 2011 - 11:11 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Wscsvc screen cap.

Attached Thumbnails

  • Capture.JPG

Edited by JeremyK, 29 December 2011 - 11:12 PM.

  • 0

#38
RKinner
Posted 29 December 2011 - 11:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Go ahead and do this:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and go back into Services and see if BFE is running.

We will worry about the firewall later. First we need to fix BFE since the Firewall won't start without it.

The wscsvc is the Security Center. Don't know why you don't have a description on yours.
  • 0

#39
JeremyK
Posted 29 December 2011 - 11:43 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Good news. The base filtering engine appears to be up and running again. See screen shot for verification.

Turning in for the night. Will resume in the morning.

Attached Thumbnails

  • Capture.JPG

  • 0

#40
JeremyK
Posted 30 December 2011 - 12:50 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ahhh! This never seems to end. I've done virtually nothing on my PC other than check email (no attachments) and look at sales on Steam. I just got a pop-up from security essentials. I've copied a screen cap. The program seemed to be unable to remove the virus.

EDIT: Re-ran essentials and it stated it was successful in removing the file this time. I checked the location and it is gone. It noted that it was successful, but it also said there was an error in the process. I'm confused.

Attached Thumbnails

  • Capture.JPG

Edited by JeremyK, 30 December 2011 - 12:52 PM.

  • 0

Advertisements

#41
RKinner
Posted 30 December 2011 - 12:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Being on line without a firewall is dangerous.

Let's start over. At least you already have the files so you won't need to download them:


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#42
JeremyK
Posted 30 December 2011 - 01:15 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hey Ron,

I'm on my wife's computer as my PC goes through the combofix motions. It found the same rootkit. Somehow it resurfaced on the PC. I don't think I want to go through all these motions again as my PC continually gets re-infected right as we start to clean it up.

What are your thoughts about a reformat. At this point the hassle of reformatting is about equal to the hassle of cleaning.
  • 0

#43
JeremyK
Posted 30 December 2011 - 01:38 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ron,

Here are all the outputs. As mentioned in the earlier post, I'm thinking it may be worth it to just reformat the PC. Let me know if you think that's a reasonable course at this point. That should wipe everything out and restore all my corrupted/lost files (firewall, BFE, etc).

Thanks,
Jeremy

Combofix:

ComboFix 11-12-30.01 - Jeremy 12/30/2011 13:07:08.3.4 - x86
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB10857$
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 19:12 . 2011-12-30 19:12 -------- d-----w- c:\users\Jeremy\AppData\Local\temp
2011-12-30 19:12 . 2011-12-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 19:05 . 2011-12-30 19:14 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC9794B2-9D00-4034-BBCC-7AE067B5E0FB}\offreg.dll
2011-12-30 19:03 . 2009-07-13 23:53 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-12-30 18:53 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC9794B2-9D00-4034-BBCC-7AE067B5E0FB}\mpengine.dll
2011-12-24 01:58 . 2011-12-24 01:58 -------- d-----w- c:\users\Jeremy\AppData\Local\AliensVsPredator
2011-12-24 01:55 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-12-24 01:55 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-12-24 01:55 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-24 01:55 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-12-24 01:55 . 2009-09-04 23:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-12-24 01:55 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-24 01:55 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-12-23 23:03 . 2011-12-23 23:32 -------- d-----w- c:\users\Jeremy\AppData\Local\The Witcher
2011-12-23 20:44 . 2011-12-23 20:44 -------- d-----w- c:\program files\Windows Resource Kits
2011-12-22 23:54 . 2011-12-22 23:54 -------- d-----w- C:\_OTL
2011-12-22 13:05 . 2011-12-22 13:05 -------- d-----w- c:\program files\Common Files\Java
2011-12-22 03:37 . 2011-12-30 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-22 03:37 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 04:11 . 2011-12-18 04:11 388096 ----a-r- c:\users\Jeremy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-18 03:59 . 2011-12-18 01:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-18 01:00 . 2011-12-18 01:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-18 00:59 . 2011-12-12 16:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\programdata\Lavasoft
2011-12-18 00:59 . 2011-12-18 00:59 -------- d-----w- c:\program files\Lavasoft
2011-12-15 04:09 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 23:43 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 23:43 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 23:43 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 23:43 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 23:43 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 23:43 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 19:14 . 2010-12-16 23:37 16608 ----a-w- c:\windows\gdrv.sys
2011-12-22 13:05 . 2011-02-02 17:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-08 12:55 . 2011-06-05 14:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 10:47 . 2010-12-17 15:56 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 11:59 . 2011-10-11 11:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B16F730-A0EF-4EA4-ACA1-556989CE39EA}\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-26 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl1fb66d1e;MpKsl1fb66d1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC9794B2-9D00-4034-BBCC-7AE067B5E0FB}\MpKsl1fb66d1e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-16 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-16 79360]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 294400]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-18 2152152]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-22 218176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4015683106-3705552429-2377932191-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2011-12-30 13:17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 19:17
ComboFix2.txt 2011-12-22 01:31
.
Pre-Run: 300,266,098,688 bytes free
Post-Run: 300,234,932,224 bytes free
.
- - End Of File - - B043AB0E69D74403E31317C3C2BBB168


TDS:

13:23:19.0886 3876 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:23:20.0182 3876 ============================================================
13:23:20.0182 3876 Current date / time: 2011/12/30 13:23:20.0182
13:23:20.0182 3876 SystemInfo:
13:23:20.0182 3876
13:23:20.0182 3876 OS Version: 6.1.7601 ServicePack: 1.0
13:23:20.0182 3876 Product type: Workstation
13:23:20.0182 3876 ComputerName: JEREMY-PC
13:23:20.0182 3876 UserName: Jeremy
13:23:20.0182 3876 Windows directory: C:\Windows
13:23:20.0182 3876 System windows directory: C:\Windows
13:23:20.0182 3876 Processor architecture: Intel x86
13:23:20.0182 3876 Number of processors: 4
13:23:20.0182 3876 Page size: 0x1000
13:23:20.0182 3876 Boot type: Normal boot
13:23:20.0182 3876 ============================================================
13:23:21.0212 3876 Initialize success
13:23:29.0807 0680 ============================================================
13:23:29.0807 0680 Scan started
13:23:29.0807 0680 Mode: Manual;
13:23:29.0807 0680 ============================================================
13:23:30.0884 0680 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:23:30.0884 0680 1394ohci - ok
13:23:30.0931 0680 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:23:30.0931 0680 ACPI - ok
13:23:30.0931 0680 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:23:30.0946 0680 AcpiPmi - ok
13:23:30.0993 0680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:23:30.0993 0680 adp94xx - ok
13:23:31.0009 0680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:23:31.0009 0680 adpahci - ok
13:23:31.0024 0680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:23:31.0024 0680 adpu320 - ok
13:23:31.0087 0680 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:23:31.0087 0680 AFD - ok
13:23:31.0102 0680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:23:31.0102 0680 agp440 - ok
13:23:31.0118 0680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:23:31.0118 0680 aic78xx - ok
13:23:31.0149 0680 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:23:31.0149 0680 aliide - ok
13:23:31.0196 0680 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:23:31.0196 0680 amdagp - ok
13:23:31.0196 0680 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:23:31.0211 0680 amdide - ok
13:23:31.0227 0680 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
13:23:31.0227 0680 amdiox86 - ok
13:23:31.0243 0680 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:23:31.0243 0680 AmdK8 - ok
13:23:31.0383 0680 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys
13:23:31.0445 0680 amdkmdag - ok
13:23:31.0523 0680 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys
13:23:31.0523 0680 amdkmdap - ok
13:23:31.0586 0680 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:23:31.0586 0680 AmdPPM - ok
13:23:31.0633 0680 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:23:31.0633 0680 amdsata - ok
13:23:31.0664 0680 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:23:31.0664 0680 amdsbs - ok
13:23:31.0679 0680 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:23:31.0679 0680 amdxata - ok
13:23:31.0726 0680 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:23:31.0726 0680 AppID - ok
13:23:31.0773 0680 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:23:31.0773 0680 arc - ok
13:23:31.0789 0680 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:23:31.0789 0680 arcsas - ok
13:23:31.0820 0680 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:31.0820 0680 AsyncMac - ok
13:23:31.0820 0680 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:23:31.0820 0680 atapi - ok
13:23:31.0882 0680 AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys
13:23:31.0882 0680 AtiHDAudioService - ok
13:23:31.0898 0680 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:23:31.0913 0680 b06bdrv - ok
13:23:31.0929 0680 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:23:31.0929 0680 b57nd60x - ok
13:23:31.0945 0680 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:23:31.0945 0680 Beep - ok
13:23:31.0991 0680 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:23:31.0991 0680 blbdrive - ok
13:23:32.0023 0680 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:23:32.0023 0680 bowser - ok
13:23:32.0038 0680 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:23:32.0038 0680 BrFiltLo - ok
13:23:32.0038 0680 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:23:32.0038 0680 BrFiltUp - ok
13:23:32.0054 0680 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:23:32.0054 0680 Brserid - ok
13:23:32.0069 0680 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:23:32.0069 0680 BrSerWdm - ok
13:23:32.0085 0680 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:23:32.0085 0680 BrUsbMdm - ok
13:23:32.0085 0680 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:23:32.0085 0680 BrUsbSer - ok
13:23:32.0101 0680 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:23:32.0101 0680 BTHMODEM - ok
13:23:32.0210 0680 catchme - ok
13:23:32.0257 0680 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:23:32.0257 0680 cdfs - ok
13:23:32.0303 0680 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:23:32.0303 0680 cdrom - ok
13:23:32.0319 0680 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:23:32.0319 0680 circlass - ok
13:23:32.0350 0680 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:23:32.0350 0680 CLFS - ok
13:23:32.0397 0680 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:32.0397 0680 CmBatt - ok
13:23:32.0428 0680 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:23:32.0428 0680 cmdide - ok
13:23:32.0444 0680 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:23:32.0459 0680 CNG - ok
13:23:32.0459 0680 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:23:32.0459 0680 Compbatt - ok
13:23:32.0475 0680 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:23:32.0475 0680 CompositeBus - ok
13:23:32.0491 0680 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:23:32.0491 0680 crcdisk - ok
13:23:32.0553 0680 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:23:32.0553 0680 CSC - ok
13:23:32.0600 0680 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:23:32.0600 0680 DfsC - ok
13:23:32.0631 0680 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:23:32.0631 0680 discache - ok
13:23:32.0678 0680 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:23:32.0678 0680 Disk - ok
13:23:32.0709 0680 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:23:32.0709 0680 drmkaud - ok
13:23:32.0756 0680 dtsoftbus01 (b672b993207dd5e2f73fcda8c0427b0f) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:23:32.0756 0680 dtsoftbus01 - ok
13:23:32.0787 0680 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:23:32.0803 0680 DXGKrnl - ok
13:23:32.0849 0680 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:23:32.0881 0680 ebdrv - ok
13:23:32.0912 0680 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:23:32.0927 0680 elxstor - ok
13:23:32.0974 0680 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:23:32.0974 0680 ErrDev - ok
13:23:33.0005 0680 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:23:33.0005 0680 exfat - ok
13:23:33.0021 0680 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:23:33.0037 0680 fastfat - ok
13:23:33.0068 0680 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:23:33.0068 0680 fdc - ok
13:23:33.0068 0680 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:23:33.0083 0680 FileInfo - ok
13:23:33.0083 0680 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:23:33.0083 0680 Filetrace - ok
13:23:33.0099 0680 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:23:33.0099 0680 flpydisk - ok
13:23:33.0115 0680 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:23:33.0115 0680 FltMgr - ok
13:23:33.0130 0680 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:23:33.0130 0680 FsDepends - ok
13:23:33.0130 0680 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:23:33.0130 0680 Fs_Rec - ok
13:23:33.0177 0680 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:23:33.0177 0680 fvevol - ok
13:23:33.0224 0680 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:23:33.0224 0680 gagp30kx - ok
13:23:33.0271 0680 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
13:23:33.0271 0680 gdrv - ok
13:23:33.0271 0680 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:23:33.0286 0680 hcw85cir - ok
13:23:33.0333 0680 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:23:33.0333 0680 HdAudAddService - ok
13:23:33.0364 0680 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:23:33.0364 0680 HDAudBus - ok
13:23:33.0380 0680 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:23:33.0380 0680 HidBatt - ok
13:23:33.0395 0680 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:23:33.0395 0680 HidBth - ok
13:23:33.0411 0680 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:23:33.0411 0680 HidIr - ok
13:23:33.0458 0680 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:23:33.0458 0680 HidUsb - ok
13:23:33.0473 0680 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:23:33.0473 0680 HpSAMD - ok
13:23:33.0505 0680 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:23:33.0520 0680 HTTP - ok
13:23:33.0551 0680 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:23:33.0551 0680 hwpolicy - ok
13:23:33.0614 0680 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:23:33.0614 0680 i8042prt - ok
13:23:33.0629 0680 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:23:33.0629 0680 iaStorV - ok
13:23:33.0661 0680 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:23:33.0661 0680 iirsp - ok
13:23:33.0676 0680 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:23:33.0692 0680 intelide - ok
13:23:33.0723 0680 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:23:33.0723 0680 intelppm - ok
13:23:33.0739 0680 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:23:33.0739 0680 IpFilterDriver - ok
13:23:33.0754 0680 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:23:33.0754 0680 IPMIDRV - ok
13:23:33.0770 0680 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:23:33.0770 0680 IPNAT - ok
13:23:33.0801 0680 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:23:33.0801 0680 IRENUM - ok
13:23:33.0817 0680 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:23:33.0817 0680 isapnp - ok
13:23:33.0832 0680 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:23:33.0832 0680 iScsiPrt - ok
13:23:33.0879 0680 JRAID (a324485106f133e751f4b7f47c4be3ea) C:\Windows\system32\DRIVERS\jraid.sys
13:23:33.0879 0680 JRAID - ok
13:23:33.0895 0680 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:23:33.0895 0680 kbdclass - ok
13:23:33.0941 0680 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:23:33.0941 0680 kbdhid - ok
13:23:33.0973 0680 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
13:23:33.0973 0680 KSecDD - ok
13:23:33.0988 0680 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:23:33.0988 0680 KSecPkg - ok
13:23:34.0035 0680 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
13:23:34.0035 0680 Lbd - ok
13:23:34.0082 0680 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:23:34.0082 0680 lltdio - ok
13:23:34.0113 0680 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:23:34.0113 0680 LSI_FC - ok
13:23:34.0129 0680 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:23:34.0129 0680 LSI_SAS - ok
13:23:34.0129 0680 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:23:34.0129 0680 LSI_SAS2 - ok
13:23:34.0144 0680 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:23:34.0144 0680 LSI_SCSI - ok
13:23:34.0160 0680 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:23:34.0160 0680 luafv - ok
13:23:34.0175 0680 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:23:34.0175 0680 megasas - ok
13:23:34.0191 0680 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:23:34.0191 0680 MegaSR - ok
13:23:34.0207 0680 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:23:34.0207 0680 Modem - ok
13:23:34.0222 0680 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:23:34.0222 0680 monitor - ok
13:23:34.0253 0680 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:23:34.0253 0680 mouclass - ok
13:23:34.0269 0680 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:23:34.0269 0680 mouhid - ok
13:23:34.0285 0680 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:23:34.0285 0680 mountmgr - ok
13:23:34.0331 0680 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:23:34.0331 0680 MpFilter - ok
13:23:34.0347 0680 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:23:34.0347 0680 mpio - ok
13:23:34.0425 0680 MpKsl1fb66d1e - ok
13:23:34.0487 0680 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:23:34.0487 0680 MpNWMon - ok
13:23:34.0487 0680 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:23:34.0487 0680 mpsdrv - ok
13:23:34.0550 0680 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:23:34.0550 0680 MRxDAV - ok
13:23:34.0597 0680 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:23:34.0597 0680 mrxsmb - ok
13:23:34.0628 0680 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:23:34.0628 0680 mrxsmb10 - ok
13:23:34.0643 0680 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:23:34.0643 0680 mrxsmb20 - ok
13:23:34.0690 0680 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:23:34.0690 0680 msahci - ok
13:23:34.0690 0680 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:23:34.0690 0680 msdsm - ok
13:23:34.0737 0680 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:23:34.0737 0680 Msfs - ok
13:23:34.0753 0680 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:23:34.0753 0680 mshidkmdf - ok
13:23:34.0784 0680 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:23:34.0784 0680 msisadrv - ok
13:23:34.0799 0680 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:23:34.0799 0680 MSKSSRV - ok
13:23:34.0815 0680 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:23:34.0815 0680 MSPCLOCK - ok
13:23:34.0831 0680 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:23:34.0831 0680 MSPQM - ok
13:23:34.0846 0680 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:23:34.0846 0680 MsRPC - ok
13:23:34.0862 0680 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:23:34.0862 0680 mssmbios - ok
13:23:34.0862 0680 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:23:34.0862 0680 MSTEE - ok
13:23:34.0877 0680 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:23:34.0877 0680 MTConfig - ok
13:23:34.0893 0680 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:23:34.0893 0680 Mup - ok
13:23:34.0955 0680 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:23:34.0955 0680 NativeWifiP - ok
13:23:34.0987 0680 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:23:35.0002 0680 NDIS - ok
13:23:35.0018 0680 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:23:35.0018 0680 NdisCap - ok
13:23:35.0018 0680 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:23:35.0018 0680 NdisTapi - ok
13:23:35.0065 0680 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:23:35.0065 0680 Ndisuio - ok
13:23:35.0096 0680 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:23:35.0096 0680 NdisWan - ok
13:23:35.0127 0680 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:23:35.0127 0680 NDProxy - ok
13:23:35.0143 0680 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:23:35.0143 0680 NetBIOS - ok
13:23:35.0267 0680 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:23:35.0267 0680 NetBT - ok
13:23:35.0314 0680 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:23:35.0314 0680 nfrd960 - ok
13:23:35.0377 0680 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:23:35.0377 0680 NisDrv - ok
13:23:35.0392 0680 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:23:35.0392 0680 Npfs - ok
13:23:35.0408 0680 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:23:35.0408 0680 nsiproxy - ok
13:23:35.0455 0680 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:23:35.0470 0680 Ntfs - ok
13:23:35.0470 0680 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:23:35.0470 0680 Null - ok
13:23:35.0486 0680 nvlddmkm - ok
13:23:35.0517 0680 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:23:35.0517 0680 nvraid - ok
13:23:35.0533 0680 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:23:35.0533 0680 nvstor - ok
13:23:35.0548 0680 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:23:35.0564 0680 nv_agp - ok
13:23:35.0579 0680 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:23:35.0579 0680 ohci1394 - ok
13:23:35.0642 0680 P17 (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys
13:23:35.0657 0680 P17 - ok
13:23:35.0704 0680 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:23:35.0704 0680 Parport - ok
13:23:35.0735 0680 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:23:35.0735 0680 partmgr - ok
13:23:35.0767 0680 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:23:35.0767 0680 Parvdm - ok
13:23:35.0782 0680 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:23:35.0782 0680 pci - ok
13:23:35.0798 0680 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:23:35.0798 0680 pciide - ok
13:23:35.0813 0680 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:23:35.0813 0680 pcmcia - ok
13:23:35.0829 0680 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:23:35.0829 0680 pcw - ok
13:23:35.0845 0680 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:23:35.0860 0680 PEAUTH - ok
13:23:35.0938 0680 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:23:35.0938 0680 PptpMiniport - ok
13:23:35.0954 0680 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:23:35.0954 0680 Processor - ok
13:23:36.0001 0680 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:23:36.0001 0680 Psched - ok
13:23:36.0032 0680 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:23:36.0047 0680 ql2300 - ok
13:23:36.0047 0680 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:23:36.0047 0680 ql40xx - ok
13:23:36.0063 0680 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:23:36.0063 0680 QWAVEdrv - ok
13:23:36.0079 0680 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:23:36.0079 0680 RasAcd - ok
13:23:36.0110 0680 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:23:36.0110 0680 RasAgileVpn - ok
13:23:36.0125 0680 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:23:36.0125 0680 Rasl2tp - ok
13:23:36.0157 0680 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:23:36.0157 0680 RasPppoe - ok
13:23:36.0172 0680 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:23:36.0172 0680 RasSstp - ok
13:23:36.0203 0680 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:23:36.0203 0680 rdbss - ok
13:23:36.0219 0680 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:23:36.0219 0680 rdpbus - ok
13:23:36.0266 0680 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:23:36.0266 0680 RDPCDD - ok
13:23:36.0281 0680 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:23:36.0281 0680 RDPDR - ok
13:23:36.0297 0680 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:23:36.0297 0680 RDPENCDD - ok
13:23:36.0313 0680 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:23:36.0313 0680 RDPREFMP - ok
13:23:36.0359 0680 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
13:23:36.0359 0680 RdpVideoMiniport - ok
13:23:36.0375 0680 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:23:36.0375 0680 RDPWD - ok
13:23:36.0422 0680 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:23:36.0422 0680 rdyboost - ok
13:23:36.0437 0680 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:23:36.0437 0680 rspndr - ok
13:23:36.0484 0680 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:23:36.0484 0680 RTL8167 - ok
13:23:36.0515 0680 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:23:36.0515 0680 s3cap - ok
13:23:36.0547 0680 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:23:36.0547 0680 sbp2port - ok
13:23:36.0562 0680 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:23:36.0562 0680 scfilter - ok
13:23:36.0609 0680 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:23:36.0609 0680 secdrv - ok
13:23:36.0640 0680 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:23:36.0640 0680 Serenum - ok
13:23:36.0656 0680 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:23:36.0656 0680 Serial - ok
13:23:36.0671 0680 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:23:36.0671 0680 sermouse - ok
13:23:36.0687 0680 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:23:36.0687 0680 sffdisk - ok
13:23:36.0703 0680 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:23:36.0703 0680 sffp_mmc - ok
13:23:36.0703 0680 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:23:36.0703 0680 sffp_sd - ok
13:23:36.0734 0680 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:23:36.0734 0680 sfloppy - ok
13:23:36.0843 0680 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:23:36.0843 0680 sisagp - ok
13:23:36.0905 0680 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:23:36.0921 0680 SiSRaid2 - ok
13:23:36.0937 0680 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:23:36.0937 0680 SiSRaid4 - ok
13:23:36.0968 0680 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:23:36.0968 0680 Smb - ok
13:23:36.0983 0680 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:23:36.0983 0680 spldr - ok
13:23:37.0030 0680 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:23:37.0030 0680 srv - ok
13:23:37.0046 0680 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:23:37.0046 0680 srv2 - ok
13:23:37.0061 0680 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:23:37.0061 0680 srvnet - ok
13:23:37.0108 0680 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:23:37.0108 0680 stexstor - ok
13:23:37.0139 0680 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:23:37.0139 0680 storflt - ok
13:23:37.0171 0680 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:23:37.0171 0680 storvsc - ok
13:23:37.0171 0680 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:23:37.0171 0680 swenum - ok
13:23:37.0202 0680 Synth3dVsc - ok
13:23:37.0249 0680 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:23:37.0264 0680 Tcpip - ok
13:23:37.0280 0680 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:23:37.0280 0680 TCPIP6 - ok
13:23:37.0327 0680 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:23:37.0327 0680 tcpipreg - ok
13:23:37.0358 0680 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:23:37.0358 0680 TDPIPE - ok
13:23:37.0373 0680 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:23:37.0373 0680 TDTCP - ok
13:23:37.0405 0680 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
13:23:37.0420 0680 tdx - ok
13:23:37.0451 0680 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:23:37.0451 0680 TermDD - ok
13:23:37.0483 0680 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:23:37.0483 0680 tssecsrv - ok
13:23:37.0529 0680 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:23:37.0529 0680 TsUsbFlt - ok
13:23:37.0529 0680 tsusbhub - ok
13:23:37.0576 0680 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:23:37.0592 0680 tunnel - ok
13:23:37.0607 0680 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:23:37.0607 0680 uagp35 - ok
13:23:37.0654 0680 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:23:37.0654 0680 udfs - ok
13:23:37.0685 0680 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:23:37.0685 0680 uliagpkx - ok
13:23:37.0732 0680 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:23:37.0748 0680 umbus - ok
13:23:37.0763 0680 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:23:37.0763 0680 UmPass - ok
13:23:37.0810 0680 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:23:37.0810 0680 usbaudio - ok
13:23:37.0826 0680 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:23:37.0826 0680 usbccgp - ok
13:23:37.0826 0680 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:23:37.0826 0680 usbcir - ok
13:23:37.0841 0680 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:23:37.0841 0680 usbehci - ok
13:23:37.0857 0680 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:23:37.0857 0680 usbhub - ok
13:23:37.0873 0680 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
13:23:37.0873 0680 usbohci - ok
13:23:37.0888 0680 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:23:37.0888 0680 usbprint - ok
13:23:37.0904 0680 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:23:37.0904 0680 USBSTOR - ok
13:23:37.0919 0680 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:23:37.0919 0680 usbuhci - ok
13:23:37.0966 0680 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:23:37.0966 0680 vdrvroot - ok
13:23:37.0982 0680 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:23:37.0982 0680 vga - ok
13:23:37.0982 0680 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:23:37.0997 0680 VgaSave - ok
13:23:37.0997 0680 VGPU - ok
13:23:38.0013 0680 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:23:38.0013 0680 vhdmp - ok
13:23:38.0013 0680 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:23:38.0029 0680 viaagp - ok
13:23:38.0029 0680 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:23:38.0029 0680 ViaC7 - ok
13:23:38.0044 0680 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:23:38.0044 0680 viaide - ok
13:23:38.0060 0680 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:23:38.0060 0680 vmbus - ok
13:23:38.0075 0680 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:23:38.0075 0680 VMBusHID - ok
13:23:38.0075 0680 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:23:38.0091 0680 volmgr - ok
13:23:38.0091 0680 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:23:38.0091 0680 volmgrx - ok
13:23:38.0122 0680 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:23:38.0122 0680 volsnap - ok
13:23:38.0169 0680 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys
13:23:38.0169 0680 vpnva - ok
13:23:38.0216 0680 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:23:38.0216 0680 vsmraid - ok
13:23:38.0231 0680 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:23:38.0231 0680 vwifibus - ok
13:23:38.0247 0680 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:23:38.0247 0680 WacomPen - ok
13:23:38.0309 0680 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:38.0309 0680 WANARP - ok
13:23:38.0309 0680 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:38.0309 0680 Wanarpv6 - ok
13:23:38.0325 0680 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:23:38.0325 0680 Wd - ok
13:23:38.0356 0680 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
13:23:38.0356 0680 WDC_SAM - ok
13:23:38.0387 0680 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:23:38.0387 0680 Wdf01000 - ok
13:23:38.0465 0680 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:23:38.0465 0680 WfpLwf - ok
13:23:38.0481 0680 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:23:38.0481 0680 WIMMount - ok
13:23:38.0543 0680 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:23:38.0543 0680 WinUsb - ok
13:23:38.0575 0680 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:23:38.0575 0680 WmiAcpi - ok
13:23:38.0606 0680 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:23:38.0606 0680 ws2ifsl - ok
13:23:38.0621 0680 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:23:38.0621 0680 WudfPf - ok
13:23:38.0637 0680 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:23:38.0637 0680 WUDFRd - ok
13:23:38.0668 0680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:23:38.0699 0680 \Device\Harddisk0\DR0 - ok
13:23:38.0715 0680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:23:38.0715 0680 \Device\Harddisk1\DR1 - ok
13:23:38.0762 0680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
13:23:38.0762 0680 \Device\Harddisk2\DR2 - ok
13:23:38.0777 0680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
13:23:39.0245 0680 \Device\Harddisk3\DR3 - ok
13:23:39.0245 0680 Boot (0x1200) (a3c17c0b61bc2b230078eac161341c66) \Device\Harddisk0\DR0\Partition0
13:23:39.0245 0680 \Device\Harddisk0\DR0\Partition0 - ok
13:23:39.0245 0680 Boot (0x1200) (eb28b92a9e39663b8d9a686a7d4abe34) \Device\Harddisk1\DR1\Partition0
13:23:39.0245 0680 \Device\Harddisk1\DR1\Partition0 - ok
13:23:39.0292 0680 Boot (0x1200) (402173f3703b3dc139b93f18bb235a1c) \Device\Harddisk2\DR2\Partition0
13:23:39.0292 0680 \Device\Harddisk2\DR2\Partition0 - ok
13:23:39.0292 0680 Boot (0x1200) (ff4c085c58774978c1bdc6405d05ea9b) \Device\Harddisk3\DR3\Partition0
13:23:39.0292 0680 \Device\Harddisk3\DR3\Partition0 - ok
13:23:39.0292 0680 ============================================================
13:23:39.0292 0680 Scan finished
13:23:39.0292 0680 ============================================================
13:23:39.0292 3196 Detected object count: 0
13:23:39.0292 3196 Actual detected object count: 0
13:23:46.0640 3968 Deinitialize success


ASWMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-30 13:24:33
-----------------------------
13:24:33.220 OS Version: Windows 6.1.7601 Service Pack 1
13:24:33.220 Number of processors: 4 586 0x402
13:24:33.220 ComputerName: JEREMY-PC UserName: Jeremy
13:24:33.672 Initialize success
13:25:15.711 AVAST engine defs: 11123000
13:25:29.283 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
13:25:29.283 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38171MB BusType: 3
13:25:29.283 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
13:25:29.283 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476938MB BusType: 3
13:25:31.311 Disk 1 MBR read successfully
13:25:31.311 Disk 1 MBR scan
13:25:31.311 Disk 1 Windows 7 default MBR code
13:25:31.311 Disk 1 scanning sectors +976766976
13:25:31.358 Disk 1 scanning C:\Windows\system32\drivers
13:25:38.628 Service scanning
13:25:39.517 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:25:40.125 Modules scanning
13:25:50.874 Scan finished successfully
13:25:57.691 Disk 1 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\MBR.dat"
13:25:57.691 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\G2G Fixes\aswMBR.txt"


MBAM:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeremy :: JEREMY-PC [administrator]

12/30/2011 1:28:30 PM
mbam-log-2011-12-30 (13-28-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 164392
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL:

OTL logfile created on: 12/30/2011 1:32:32 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop\G2G Fixes\Programs
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.74% Memory free
6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 279.45 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.59 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
Drive F: | 3.77 Gb Total Space | 2.80 Gb Free Space | 74.46% Space Free | Partition Type: FAT32
Drive G: | 465.73 Gb Total Space | 300.26 Gb Free Space | 64.47% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 12:03:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\G2G Fixes\Programs\OTL.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/07 21:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/10 10:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/28 10:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:30:39 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 02:27:26 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 02:23:44 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 02:23:39 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 02:23:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/12 02:23:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 02:23:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:23:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:23:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:23:00 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 02:22:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:22:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:22:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:22:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:22:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/07 22:44:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/07 22:35:08 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/06/26 11:09:47 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/10 08:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/22 22:05:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/17 19:00:45 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/07 22:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/07 21:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/18 01:01:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/16 15:45:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/15 23:18:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/02/19 11:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/05 12:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 13:19:57 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/07 22:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/07 20:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 12:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/22 16:36:27 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/16 01:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/03 20:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A FD 04 3A 29 9D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/02 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 19:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 19:45:27 | 000,000,000 | ---D | M]

[2010/12/16 15:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/12/29 22:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions
[2011/12/20 20:40:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\10trninm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/12/22 17:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 07:05:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/02 08:43:52 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/12/22 07:05:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/30 13:15:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D592450-7706-4E38-8CBC-2E0EC730EDF8}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/12 22:18:21 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 13:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 13:26:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/30 13:17:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/30 13:17:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/30 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
[2011/12/23 19:58:48 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\AliensVsPredator
[2011/12/23 19:55:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/12/23 19:55:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/12/23 19:55:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/12/23 19:55:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/12/23 19:55:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/12/23 19:55:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/12/23 19:55:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/12/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\The Witcher
[2011/12/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\The Witcher
[2011/12/23 17:02:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/12/23 17:02:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/12/23 17:02:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/12/23 17:02:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/12/23 17:02:57 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/12/23 17:02:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/12/23 17:02:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/12/23 17:02:56 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/12/23 17:02:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/12/23 17:02:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/12/23 17:02:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/12/23 17:02:55 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/12/23 17:02:55 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/12/23 17:02:54 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/12/23 17:02:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/12/23 17:02:54 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/12/23 17:02:53 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/12/23 17:02:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/12/23 17:02:53 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/12/23 17:02:52 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/12/23 17:02:52 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/12/23 17:02:51 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/12/23 17:02:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/12/23 17:02:51 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/12/23 17:02:51 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/12/23 17:02:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/12/23 17:02:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/12/23 17:02:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/12/23 17:02:50 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/12/23 17:02:49 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/12/23 17:02:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/12/23 17:02:49 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/12/23 17:02:49 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/12/23 17:02:48 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/12/23 17:02:48 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/12/23 17:02:47 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/12/23 17:02:47 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/12/23 17:02:47 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/12/23 17:02:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/12/23 17:02:47 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/12/23 17:02:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/12/23 17:02:46 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/12/23 17:02:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/12/23 17:02:41 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/12/23 17:02:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/12/23 17:02:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/12/23 17:02:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/12/23 17:02:40 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/12/23 17:02:40 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/12/23 17:02:39 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/12/23 17:02:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/12/23 17:02:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/12/23 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2011/12/23 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2011/12/22 17:54:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/22 07:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/22 07:05:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/22 07:05:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/22 07:05:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/21 07:21:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.svs
[2011/12/21 07:17:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 07:17:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 07:17:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 07:17:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/21 07:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 07:07:29 | 004,356,838 | R--- | C] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/21 07:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\G2G Fixes
[2011/12/18 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/17 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/12/17 19:00:51 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 18:59:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/17 18:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/17 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/14 22:10:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 22:10:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 22:10:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 22:10:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 22:10:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 22:09:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 17:43:43 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 17:43:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 17:43:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 17:43:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 17:43:36 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17:43:36 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/12/30 13:27:32 | 000,001,095 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/30 13:27:13 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 13:27:13 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 13:26:50 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/30 13:26:50 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 13:21:25 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/30 13:19:57 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011/12/30 13:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 13:19:36 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 13:15:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/30 13:02:38 | 004,356,838 | R--- | M] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/24 06:42:26 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/24 06:42:26 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/23 15:10:07 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/22 07:05:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/22 07:05:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/22 07:05:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/22 07:05:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/17 19:00:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/17 19:00:50 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 16:54:09 | 000,010,364 | ---- | M] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/08 06:55:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/12/30 13:27:32 | 000,001,095 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/30 13:20:02 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 07:17:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 07:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 07:17:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 07:17:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 07:17:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 21:59:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/17 18:59:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 18:59:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 16:54:06 | 000,010,364 | ---- | C] () -- C:\Users\Jeremy\Documents\121711.reg
[2011/09/10 23:13:19 | 000,007,606 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
[2011/08/10 16:53:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/07/07 05:47:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 05:46:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/20 20:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/13 09:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 16:09:15 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/07 16:09:14 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/05/07 16:08:14 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/07 16:08:13 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/07 16:08:13 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/23 14:36:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/23 14:05:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/06 11:00:11 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/12/16 17:37:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/15 23:16:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/12/15 23:16:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 05:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 003,763,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/07/11 18:01:28 | 000,012,244 | ---- | C] () -- C:\Windows\MSUMLT_Y.INI
[2005/03/08 05:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

< End of report >


OTL Extras:

OTL Extras logfile created on: 12/30/2011 1:32:32 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop\G2G Fixes\Programs
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.74% Memory free
6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 279.45 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
Drive E: | 37.27 Gb Total Space | 2.59 Gb Free Space | 6.95% Space Free | Partition Type: NTFS
Drive F: | 3.77 Gb Total Space | 2.80 Gb Free Space | 74.46% Space Free | Partition Type: FAT32
Drive G: | 465.73 Gb Total Space | 300.26 Gb Free Space | 64.47% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F81710-7F87-ECFC-BFD3-5F5C4045433A}" = AMD Media Foundation Decoders
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11661616-6C82-1CA6-874A-2C7A5A7BF72C}" = ATI Catalyst Install Manager
"{1668DB7B-3631-4F23-B1CB-8981979860FB}" = Combat Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{341739C6-79A4-4F7B-A34E-FDAE88749246}" = G*Power 3.1.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D4D4CBF-79F3-4E38-A1DC-30646F030443}" = Microsoft LifeChat
"{3FCB20AD-FFFB-75AD-6A74-887ACED18CC3}" = Catalyst Control Center Graphics Previews Common
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43867B63-C464-4570-823D-D92DC08E3400}_is1" = Army Builder 3.3b
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54DBFEC2-ABD3-4088-7B71-353063908CFD}" = AMD VISION Engine Control Center
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F2E5BB1-33E8-B06B-E965-19EE7117A445}" = AMD Drag and Drop Transcoding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{841C7C00-3FAE-4862-989D-4D564DC6D504}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 0.8
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD1D6AB-CD40-5E5B-72F2-8F258F58B905}" = CCC Help English
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{C885824E-188F-8206-E2C2-B32728D6E52A}" = Catalyst Control Center InstallProxy
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F1FA508A-526F-CCA9-0998-D904BF1A80A1}" = ccc-utility
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A2C087-24EA-E873-FBD9-C901E2EFF299}" = AMD Fuel
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Comical_is1" = Comical 0.8
"ConstructMap46 beta_is1" = ConstructMap v4.6.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"Hero Lab V3.6g" = Hero Lab V3.6g
"hon" = Heroes of Newerth
"KONICA MINOLTA PagePro 1400W" = KONICA MINOLTA PagePro 1400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDFCanvas V1.5" = PDFCanvas V1.5
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Steam App 10680" = Aliens vs. Predator
"Steam App 17470" = Dead Space
"Steam App 19900" = Far Cry 2
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 7760" = X-COM: UFO Defense
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 98200" = Frozen Synapse
"Steam App 99810" = Bulletstorm
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Indiana" = TaxACT 2010 Indiana
"VASSAL (3.1.15)" = VASSAL (3.1.15)
"Vuze Toolbar" = Vuze Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 7:01:58 PM | Computer Name = Jeremy-PC | Source = VSS | ID = 8194
Description =

Error - 12/30/2011 2:04:07 AM | Computer Name = Jeremy-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ Cisco AnyConnect VPN Client Events ]
Error - 12/23/2011 5:23:13 PM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 12/23/2011 8:48:31 PM | Computer Name = JEREMY-PC | Source = vpnagent | ID = 67108865
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
625 Timeout while trying to start the BFE service.

Error - 12/23/2011 8:48:31 PM | Computer Name = JEREMY-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 12/23/2011 8:48:31 PM | Computer Name = JEREMY-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 12/24/2011 8:43:26 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108865
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
625 Timeout while trying to start the BFE service.

Error - 12/24/2011 8:43:26 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 12/24/2011 8:43:26 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


Error - 12/30/2011 12:35:49 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108865
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
625 Timeout while trying to start the BFE service.

Error - 12/30/2011 12:35:49 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
2782 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
(0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

Error - 12/30/2011 12:35:49 AM | Computer Name = Jeremy-PC | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 314 Invoked Function:
CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED


[ System Events ]
Error - 12/30/2011 2:41:56 PM | Computer Name = Jeremy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 12/30/2011 2:46:02 PM | Computer Name = Jeremy-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Jeremy-PC\Jeremy

Process
Name: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

Action:
%%810 Action Status: To see how to finish removing malware and other potentially
unwanted software, see the support article on the Microsoft Security website. Error
Code: 0x800704ec Error description: This program is blocked by group policy. For
more information, contact your system administrator. Signature Version: AV: 1.117.1952.0,
AS: 1.117.1952.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/30/2011 2:50:46 PM | Computer Name = Jeremy-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147652496

Name:
Virus:Win32/Sirefef.N ID: 2147652496 Severity: Severe Category: Virus Path: file:_C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Jeremy-PC\Jeremy

Process
Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: %%810 Action Status:
To see how to finish removing malware and other potentially unwanted software,
see the support article on the Microsoft Security website. Error Code: 0x800704ec

Error
description: This program is blocked by group policy. For more information, contact
your system administrator. Signature Version: AV: 1.117.1952.0, AS: 1.117.1952.0,
NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/30/2011 3:03:45 PM | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2011 3:04:08 PM | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2011 3:04:19 PM | Computer Name = Jeremy-PC | Source = DCOM | ID = 10010
Description =

Error - 12/30/2011 3:07:07 PM | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2011 3:10:09 PM | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2011 3:14:05 PM | Computer Name = Jeremy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:12:20 PM on ?12/?30/?2011 was unexpected.

Error - 12/30/2011 3:18:34 PM | Computer Name = Jeremy-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#44
RKinner
Posted 30 December 2011 - 01:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
A reformat will work if you mean totally reloading windows from a disk but you need to wipe the drive especially the mbr before reformatting. Darik's Boot and Nuke will do a good job wiping the drive:
http://www.dban.org/

After you reload you will need to go directly to windows updates (from the control panel) and get all of the updates that have come out since the disk was created.

Then I would suggest you switch to the free Avast for an anti-virus. http://www.avast.com...ivirus-download

Make sure you have the latest versions of Java and Adobe (older versions must be removed or they provide an easy path for reinfection.)
  • 0

#45
JeremyK
Posted 30 December 2011 - 01:46 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Sounds good. Also, I think I found the culprit for the instant-reinfection. I decided to resume work on my dissertation so I plugged in my external HD I had unplugged when the infection started (to protect it). I realized the HD has been auto-backing up my PC. I think it grabbed the infected files. When I reconnected it re-infected. I could be wrong, but it makes sense.

I'm cleaning the HD now and manually backing up important files. Then I'm reformatting.

Thanks for all your help thus far.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP