Vista Internet Security 2012 hammering me



#1
Raydiaz

  • Member
  • 11 posts
Followed search link; ESET NOD32 blocked the site, but too late. No executables are runnable, and after running ESET, rebooting to finish cleanup rendered the program invisible. Malwarebytes will not run even renamed as firefox. Had to run Oldtimer.com to generate a log. Cannot run IE or Outlook. Every .exe generates a "what program" window. OTL log included. Thanks, Ramon.

OTL logfile created on: 12/24/2011 12:09:55 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ramon Work\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.22% Memory free
6.22 Gb Paging File | 5.14 Gb Available in Paging File | 82.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.38 Gb Total Space | 98.29 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 85.15 Gb Free Space | 36.56% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 135.73 Gb Free Space | 29.14% Space Free | Partition Type: NTFS
Drive H: | 931.49 Gb Total Space | 82.02 Gb Free Space | 8.81% Space Free | Partition Type: NTFS

Computer Name: RAMONWORK | User Name: Ramon Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 00:08:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.com
PRC - [2011/11/16 20:33:32 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/03/08 23:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/08 23:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/09/14 05:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 05:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/24 13:03:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2007/08/23 02:23:44 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/01/27 06:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
PRC - [2005/09/13 01:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/13 16:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdupsvc)
SRV - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/03/08 23:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/01/14 22:39:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/14 05:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009/09/14 05:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/24 13:03:02 | 000,040,960 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/08/23 02:23:44 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/27 06:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/09/13 01:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 13:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 08:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 08:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/03/09 04:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 04:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/08 23:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/02/12 16:42:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/11/08 16:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 16:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/27 21:57:07 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/11 01:43:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/19 19:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/06/25 18:00:08 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/23 00:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/05/31 21:27:00 | 000,145,288 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/13 20:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/05/11 03:56:54 | 000,035,456 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/02/16 18:59:26 | 000,012,848 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys -- (FJVBCtrl)
DRV - [2007/01/27 08:53:42 | 000,785,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAVCap.sys -- (USBAVCap)
DRV - [2006/11/01 05:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 05:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/10/03 00:23:50 | 000,036,640 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/08/29 19:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/08/28 03:56:41 | 000,008,960 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FBIOSDRV.SYS -- (FBIOSDRV)
DRV - [2005/04/06 16:46:50 | 000,034,240 | ---- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [1999/11/18 03:20:00 | 000,003,872 | ---- | M] (FUJITSU LIMITED.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50327

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\Ramon Work\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/22 07:32:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/01/14 22:31:43 | 000,000,821 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files\Encore\Hoyle\RegApp\encore_reg.rpd" File not found
O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files\Encore\Hoyle\RegApp\encore_reg.rpd" File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000..\Run: [EPSON Artisan 720 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE (SEIKO EPSON CORPORATION)
O7 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Create BigJig puzzle - C:\Program Files\JigMake\jm.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF1F096F-6FE5-4A79-A08D-25DF89CF4DBD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e4573b6-c894-11de-9410-001742bf2067}\Shell - "" = AutoRun
O33 - MountPoints2\{1e4573b6-c894-11de-9410-001742bf2067}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{2d13cf0a-9977-11de-b7d2-001742bf2067}\Shell - "" = AutoRun
O33 - MountPoints2\{2d13cf0a-9977-11de-b7d2-001742bf2067}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe
O33 - MountPoints2\{da8ac740-fda5-11de-81d9-001742bf2067}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\...exe [@ = OM] -- "C:\Users\Ramon Work\AppData\Local\fsu.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 00:08:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.com
[2011/12/23 23:58:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.scr
[2011/12/23 23:57:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.exe
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Brabl
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\.gstreamer-0.10
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\.gnome2
[2011/12/22 11:47:23 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
[2011/12/22 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Christmas Tales - Fellina's Journey
[2011/12/18 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\SunwardGames
[2011/12/17 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\Documents\ElectronicParadise
[2011/12/17 18:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Akella Games
[2011/12/13 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Odian Games
[2011/12/13 19:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Odian Games
[2011/12/12 01:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/12/09 20:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fear for Sale 2- Sunnyvale Story - Collectors Edition
[2011/12/01 21:47:19 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Blue Tea Games
[2011/11/29 00:53:15 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Local\EMDM
[2011/11/28 19:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Azada
[2011/11/26 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Vast Studios
[2011/11/26 19:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Hidden Objects XIII
[2011/07/24 22:15:47 | 170,063,832 | ---- | C] (Frictional Games ) -- C:\Program Files\setup.exe

========== Files - Modified Within 30 Days ==========

[2011/12/24 00:08:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.com
[2011/12/23 23:58:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.scr
[2011/12/23 23:58:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.exe
[2011/12/23 23:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 23:43:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 23:43:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 23:43:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 23:43:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 23:43:16 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 21:26:48 | 002,297,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/23 21:26:23 | 000,011,724 | -HS- | M] () -- C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1
[2011/12/23 21:26:23 | 000,011,724 | -HS- | M] () -- C:\ProgramData\767567q4p450r328c150r1vcj1k1
[2011/12/23 20:44:15 | 000,000,930 | ---- | M] () -- C:\Users\Ramon Work\Desktop\firefox2.exe - Shortcut.lnk
[2011/12/23 19:59:37 | 000,234,496 | ---- | M] () -- C:\Users\Ramon Work\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 11:47:23 | 000,001,000 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Christmas Tales - Fellina's Journey.lnk
[2011/12/21 08:07:42 | 000,196,608 | ---- | M] () -- C:\Users\Ramon Work\Documents\36 Armand Beach Dr, Palm Coast, FL 32137 to 36 Armand Beach Dr, Palm Coast, FL 32137.ptm
[2011/12/21 07:53:34 | 000,002,527 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Microsoft MapPoint North America 2009.lnk
[2011/12/20 21:26:01 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 21:26:01 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/12 22:34:59 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/12 13:50:15 | 000,000,230 | ---- | M] () -- C:\ProgramData\settings.xml
[2011/11/28 19:07:56 | 000,000,774 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Azada.lnk

========== Files Created - No Company Name ==========

[2011/12/23 21:24:01 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 20:44:15 | 000,000,930 | ---- | C] () -- C:\Users\Ramon Work\Desktop\firefox2.exe - Shortcut.lnk
[2011/12/23 20:29:10 | 000,011,724 | -HS- | C] () -- C:\ProgramData\767567q4p450r328c150r1vcj1k1
[2011/12/23 20:29:09 | 000,011,724 | -HS- | C] () -- C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1
[2011/12/22 11:47:23 | 000,001,000 | ---- | C] () -- C:\Users\Ramon Work\Desktop\Christmas Tales - Fellina's Journey.lnk
[2011/12/20 21:00:20 | 000,196,608 | ---- | C] () -- C:\Users\Ramon Work\Documents\36 Armand Beach Dr, Palm Coast, FL 32137 to 36 Armand Beach Dr, Palm Coast, FL 32137.ptm
[2011/12/12 22:34:59 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/12 01:42:04 | 000,001,712 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/12 01:42:04 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/11/28 19:07:56 | 000,000,774 | ---- | C] () -- C:\Users\Ramon Work\Desktop\Azada.lnk
[2011/11/11 01:18:23 | 000,000,230 | ---- | C] () -- C:\ProgramData\settings.xml
[2011/04/24 22:52:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/08 23:16:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/02/27 13:41:58 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2011/02/27 13:06:45 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2011/02/08 20:54:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/08 20:54:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/08 20:54:59 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/08 20:54:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/08 20:54:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/08 20:54:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/08 20:54:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/08 20:54:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/08 20:54:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/08 20:54:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/08 20:54:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/08 20:54:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/08 20:54:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/08 20:54:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/08 20:54:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/08 20:54:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/08 20:50:01 | 000,000,094 | ---- | C] () -- C:\Windows\EPART725.ini
[2011/02/01 17:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/12 22:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/08/17 14:29:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/05/27 21:57:10 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/05/27 21:57:07 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/05/10 14:53:29 | 000,691,481 | ---- | C] () -- C:\Windows\unins000.exe
[2010/05/10 14:53:29 | 000,001,628 | ---- | C] () -- C:\Windows\unins000.dat
[2010/01/31 14:01:46 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/11/05 19:09:08 | 000,011,250 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\slot1.mm1
[2009/10/18 18:07:31 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/10/18 18:07:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/10/11 11:38:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/11 11:38:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/11 11:37:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/06 01:43:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/27 17:38:28 | 000,234,496 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 16:57:35 | 000,000,680 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\d3d9caps.dat
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/11/21 12:16:06 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/11/21 12:15:48 | 000,002,088 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 002,297,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/07/01 09:13:30 | 000,000,229 | -HS- | C] () -- C:\Users\Ramon Work\AppData\Roaming\matrox_drv16.dat

========== LOP Check ==========

[2011/01/14 14:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\2monkeys
[2010/09/20 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/11/21 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Aerohills
[2011/07/08 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Aisle 5 Games, Inc
[2011/03/21 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Akhra
[2011/12/06 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Alawar Entertainment
[2011/12/09 00:37:11 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Alawar Stargaze
[2010/09/29 09:15:53 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\AltSpace Group
[2010/08/23 08:23:22 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Anarchy
[2009/09/13 12:34:24 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Ashampoo
[2011/02/22 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Auslogics
[2011/06/16 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Aveyond 3
[2011/10/18 09:39:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Awem
[2011/06/14 13:01:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Az-Art
[2010/09/19 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Bicyclestudios
[2011/06/17 21:13:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Big Finish
[2011/12/03 22:03:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Big Fish Games
[2011/11/16 01:43:37 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\BlamGames
[2010/07/31 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\blg
[2011/12/01 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Blue Tea Games
[2011/12/22 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Brabl
[2011/07/29 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\BrablGames
[2010/08/10 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\BrokenHearts
[2009/11/05 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\casanova
[2011/08/26 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Casual Box
[2011/09/04 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\casualArts
[2010/06/30 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Cat's Eye Games
[2011/11/23 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\cerasus.media
[2011/10/09 14:10:24 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ChaYoWo Games
[2011/08/24 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Colibri Games
[2010/11/08 20:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\com.adobe.example.NatGeo-Traveler-Italy
[2010/07/11 00:34:12 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Coyotes Tale
[2010/08/10 20:42:18 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Curious Sense
[2011/10/18 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Daedalic Entertainment
[2009/08/28 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\DAEMON Tools Lite
[2011/09/10 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\DailyMagic
[2011/07/18 11:45:43 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/06/15 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\DGform
[2010/09/24 07:40:10 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Die Saeule der Maya
[2010/08/07 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Dragon Altar Games
[2010/07/15 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Dreamsdwell Stories
[2010/08/08 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EcoRescue
[2011/12/09 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EleFun Games
[2011/07/30 05:56:04 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EleFun Games MPC
[2011/12/12 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Elephant Games
[2011/04/09 21:21:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EmilyArcher
[2010/08/21 20:13:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Enlightenus2_BFG
[2011/02/09 10:04:40 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EPSON
[2010/11/14 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ERS G-Studio
[2011/11/19 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ERS Game Studios
[2011/03/11 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Ethereal Darkness Interactive
[2010/03/18 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\EuroTalk
[2011/04/17 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\FairyTale
[2011/11/16 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Fanda Games
[2010/09/03 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\FileZilla
[2011/09/26 09:54:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Finstere Liebschaft
[2010/11/20 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Flood Light Games
[2011/08/25 11:42:26 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Floodlight Games
[2011/12/09 01:14:47 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\FlyWheelGames
[2009/08/28 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Forte
[2011/09/01 13:13:14 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Freeze Tag
[2010/12/20 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\FreezeTag
[2011/06/17 10:00:57 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Friday's games
[2011/07/14 22:43:07 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Frozen Kingdom
[2011/04/27 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Fugazo
[2009/08/27 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Fujitsu
[2010/11/29 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\funkitron
[2011/10/28 17:02:26 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Funlinker
[2011/09/03 14:15:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Funswitch
[2011/03/20 19:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Fuzzy Bug Interactive
[2010/06/06 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Gaijin Ent
[2010/07/17 22:38:34 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\game
[2009/10/25 10:27:13 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Game Mill Entertainment
[2011/10/23 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GameHouse
[2010/11/21 01:29:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Gamers Digital
[2011/06/26 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Games
[2011/08/22 21:21:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GAMGO
[2011/04/10 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GarageGames
[2010/11/08 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Gestalt Games
[2011/03/21 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GestaltGames
[2011/09/15 18:23:47 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Ghost Ship Studios
[2010/11/14 19:54:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GhostFleet
[2011/09/17 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GO Games
[2011/12/15 15:18:14 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Gogii
[2010/07/15 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Gold Casual Games
[2010/09/03 05:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Green Clover Games
[2011/07/12 23:52:43 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GreenSauceGames
[2009/10/29 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\GTM_Bodie
[2011/11/28 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\HdO Adventure
[2011/07/15 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\HeroCraft
[2011/11/26 22:36:59 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Hidden Objects XIII
[2011/08/26 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\HillStoneAnimationStudios
[2010/11/06 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\HiT-MM
[2011/08/28 09:00:37 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\HitPoint Studios
[2011/11/20 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Hoyle Card Games
[2011/11/20 21:44:30 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Hoyle FaceCreator
[2010/08/14 15:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\iMaxGen
[2009/12/24 22:19:21 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\IMSIDesign
[2011/10/04 10:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\In search of the Lost Temple
[2010/11/09 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Island - The Lost Medallion
[2009/12/28 02:21:10 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\iWin
[2010/11/12 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Janes Realty2
[2011/07/26 01:41:34 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Jetdogs Studios
[2011/04/12 17:32:55 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\JodieDrake
[2010/11/13 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\JoyBits
[2011/07/19 20:22:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\JQ
[2010/11/17 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\KranX Productions
[2011/08/15 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\LaJangada
[2011/05/09 08:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Lazy Turtle Games
[2011/02/08 20:58:56 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Leadertech
[2011/06/27 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\LegacyInteractive
[2011/07/07 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\LestaStudio
[2010/11/19 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Little Noir Stories
[2010/12/20 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\LittleGamesCompany
[2011/06/09 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\LookingGlassSG
[2009/11/05 12:14:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Lost in the City - Post scriptum
[2010/07/14 09:27:41 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Ludia
[2009/10/11 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MA
[2010/11/22 11:37:23 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MA2
[2010/12/13 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Magic3
[2011/04/12 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MagicMatch
[2011/08/11 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Magnet's Story
[2010/11/22 11:05:05 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MAI
[2010/08/04 01:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MapInfo
[2011/03/23 09:22:39 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\margrave3_full
[2011/09/24 13:40:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Mariaglorum
[2010/08/10 21:08:19 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MastersOfMystery2
[2011/05/07 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Maximize Games
[2011/07/24 15:13:15 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Mayan Puzzle
[2011/03/21 14:42:38 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\md studio
[2011/11/11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MediaArt
[2010/11/29 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Meridian93
[2010/11/13 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Merscom
[2011/07/26 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Millennium Secrets - Roxannes Necklace Strategy Guide
[2009/11/07 10:35:58 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MissTeriTale3
[2011/08/25 20:19:06 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MM4_Saves
[2011/07/04 02:24:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MoMB_Full_Eng
[2011/06/09 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Monkey Barrel Games
[2011/04/17 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\My Games
[2010/11/22 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Mystery of Mortlake Mansion
[2009/11/07 16:15:42 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\MysteryStudio
[2009/09/28 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Mysteryville2
[2011/03/18 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Namco
[2011/12/13 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Odian Games
[2011/10/02 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Orneon
[2010/08/09 00:19:10 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\OtherSide Realm of Eons
[2011/01/14 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Phantasmat_bf_ce1
[2009/09/26 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Pirateville
[2011/06/26 15:38:28 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\PlayFirst
[2011/11/13 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\PlayPond
[2009/11/05 01:25:02 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Playrix Entertainment
[2010/09/29 16:32:32 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\PoBros
[2010/11/21 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Pogo Games
[2010/07/15 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Princess Isabella
[2010/09/15 10:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\QB9
[2011/12/10 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\quickclick
[2011/10/17 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Rainbow
[2010/07/24 20:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Reflexive
[2011/07/27 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Relentless Software
[2011/10/20 13:08:47 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Sahmon Games
[2011/04/12 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Saqqarah
[2010/11/18 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SecretIslandHoland
[2010/07/15 19:15:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SerpentOfIsis
[2011/08/25 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Serpent_Of_Isis2_Guide
[2010/11/08 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SevenSails
[2010/08/23 22:50:02 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ShaoLin
[2010/11/22 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ShinyTales
[2011/04/16 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Silverback Productions
[2010/07/27 11:36:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Skip-Bo
[2011/04/12 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Sleepwalker Games
[2011/09/16 00:55:07 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SMIGames
[2011/12/23 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SolSuite
[2011/03/22 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SpinTop
[2011/11/13 14:25:22 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SpinTop Games
[2010/06/03 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\SprillBermudeEng
[2011/04/12 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\StoneLoops!
[2010/12/22 23:32:52 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Striped Arts
[2010/07/15 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Sudden Games
[2011/10/20 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TAC-CM CRACKED
[2010/11/16 01:29:26 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TeleportGamesLtd
[2011/08/25 20:21:55 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Ten Heavens
[2011/07/10 13:30:05 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Teyon
[2010/11/09 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\The Inquisitor
[2010/07/15 16:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Thinstall
[2011/05/07 20:34:22 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Thoughtquake
[2010/11/20 15:59:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ThreeDays2
[2010/07/15 19:18:21 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TikGames
[2010/11/17 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TikisLab
[2010/11/14 17:11:16 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TimeMachine
[2011/07/22 11:17:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TitanicMystery
[2010/09/20 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/11/23 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Top Evidence
[2011/08/14 10:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Total Eclipse
[2011/06/24 21:35:54 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TrickySoftware
[2011/07/05 22:41:27 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\TripleHippo
[2011/09/07 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\UHS Reader
[2009/11/21 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\URSE Games
[2011/07/06 15:06:20 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Val'Gor 2
[2011/07/06 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\ValGor_2
[2011/06/26 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Valusoft
[2011/11/26 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Vast Studios
[2011/07/03 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\VendelGAMES
[2011/06/26 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Virtual Prophecy
[2011/07/10 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\WendigoStudios
[2011/03/18 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\WhiteBirdsProductions
[2011/10/20 10:10:12 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\win32
[2009/09/11 12:13:41 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Wireshark
[2010/11/21 01:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\World-LooM
[2011/08/11 12:39:35 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Written-Legends-Nightmare-at-Sea-Strategy-Guide
[2011/11/17 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\YoudaGames
[2011/11/17 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\Ramon Work\AppData\Roaming\Zylom
[2011/12/23 23:40:34 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/03/23 00:27:56 | 000,245,925 | ---- | M] ()(C:\Users\Ramon Work\Documents\????.mht) -- C:\Users\Ramon Work\Documents\电信建设.mht
[2010/03/23 00:27:55 | 000,245,925 | ---- | C] ()(C:\Users\Ramon Work\Documents\????.mht) -- C:\Users\Ramon Work\Documents\电信建设.mht

========== Alternate Data Streams ==========


< End of report >

#2
RKinner

Copy the text in the code box by highlighting it and pressing Ctrl + C


:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50327
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files\Encore\Hoyle\RegApp\encore_reg.rpd" File not found
O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files\Encore\Hoyle\RegApp\encore_reg.exe /r "C:\Program Files\Encore\Hoyle\RegApp\encore_reg.rpd" File not found
O4 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000..\Run: [AdobeBridge] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O37 - HKU\S-1-5-21-1097187259-2279479030-4198266865-1000\...exe [@ = OM] -- "C:\Users\Ramon Work\AppData\Local\fsu.exe" -a "%1" %*

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\Ramon Work\AppData\Local\*.exe
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If one of the following will not run, just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
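
As an added example (not part of RKinner's post and not OTL's own code), this Python script triages OTL log lines for the three kinds of entry the fix script above targets: a "ProxyServer" value pointing at loopback, an O37 handler that differs from the Windows default `"%1" %*`, and entries OTL marks "File not found" or "No CLSID value found". The sample lines are constructed, with a placeholder SID, CLSID and user name; the rule names are hypothetical.

```python
import re

# Constructed sample in OTL's log format, modelled on the entries in the fix
# above. The SID, CLSID and user name are placeholders, not thread values.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50327
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [AdobeBridge] File not found
O37 - HKU\S-1-5-21-0-0-0-1000\...exe [@ = OM] -- "C:\Users\Example\AppData\Local\fsu.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>.+)$')
LOOPBACK_RE = re.compile(
    r'(?:^|[=;/\s])(?:127(?:\.\d{1,3}){3}|localhost)(?=[:;/\s]|$)', re.I)
O37_RE = re.compile(
    r'^O37 - (?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.(?P<ext>\w+)'
    r' \[@ = (?P<progid>[^\]]*)\] -- (?P<cmd>.+)$')
ORPHAN_RE = re.compile(r'(?:File not found|No CLSID value found\.?)\s*$')

# Windows' stock open command for executable file types passes the file
# straight through. A handler that names another program makes that program
# run whenever a file of that type is opened.
DEFAULT_OPEN_CMD = '"%1" %*'


def triage(log_text):
    """Return (rule, detail, line) for each OTL log line worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        proxy = PROXY_RE.search(line)
        if proxy and LOOPBACK_RE.search(proxy.group('value')):
            # Browser traffic is routed through a listener on this machine.
            findings.append(('loopback-proxy', proxy.group('value'), line))
            continue

        assoc = O37_RE.match(line)
        if assoc:
            cmd = assoc.group('cmd').strip()
            if cmd != DEFAULT_OPEN_CMD:
                per_user = assoc.group('hive').startswith('HKU')
                scope = 'per-user' if per_user else 'machine-wide'
                detail = f'{scope} .{assoc.group("ext")} handler: {cmd}'
                findings.append(('handler-override', detail, line))
            continue

        if ORPHAN_RE.search(line):
            # OTL itself reports that the entry's target is missing.
            findings.append(('orphan-entry', 'target missing', line))
    return findings


if __name__ == '__main__':
    for rule, detail, line in triage(SAMPLE_LOG):
        print(f'[{rule}] {detail}\n    {line}')
```

A flagged line is a candidate for review, not a verdict: a loopback proxy or a missing target can also be left behind by legitimate software.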

#3
Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122501

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

12/25/2011 12:12:10 AM
mbam-log-2011-12-25 (00-12-10).txt

Scan type: Quick scan
Objects scanned: 179499
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\ramon work\AppData\Local\Temp\raramioeca (Trojan.FakeAV) -> Quarantined and deleted successfully.

Combofix log:

ComboFix 11-12-24.10 - Ramon Work 12/25/2011 0:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2014 [GMT -5:00]
Running from: c:\users\Ramon Work\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\10099.exe
c:\program files\Setup.exe
c:\programdata\Herofy
c:\programdata\Herofy\save.aps
c:\programdata\log.txt
c:\users\Ramon Work\AppData\Roaming\Win32
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 05:52 . 2011-12-25 05:52 -------- d-----w- c:\users\Ramon Work\AppData\Local\temp
2011-12-25 05:52 . 2011-12-25 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-25 05:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 04:56 . 2011-12-25 04:56 -------- d-----w- C:\_OTL
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Brabl
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\.gstreamer-0.10
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\.gnome2
2011-12-22 16:44 . 2011-12-22 16:47 -------- d-----w- c:\program files\Christmas Tales - Fellina's Journey
2011-12-22 16:36 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F72C6BA6-3E77-4348-BFB1-C16A09CA511D}\mpengine.dll
2011-12-18 16:29 . 2011-12-18 16:29 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\SunwardGames
2011-12-17 23:35 . 2011-12-17 23:35 -------- d-----w- c:\program files\Akella Games
2011-12-14 06:04 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 06:04 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 00:34 . 2011-12-14 00:34 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Odian Games
2011-12-14 00:34 . 2011-12-14 00:34 -------- d-----w- c:\programdata\Odian Games
2011-12-12 06:41 . 2011-12-12 06:41 -------- d-----w- c:\programdata\Big Fish Games
2011-12-10 01:09 . 2011-12-10 01:09 -------- d-----w- c:\program files\Fear for Sale 2- Sunnyvale Story - Collectors Edition
2011-12-02 02:47 . 2011-12-02 02:47 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Blue Tea Games
2011-11-29 05:53 . 2011-11-29 06:12 -------- d-----w- c:\users\Ramon Work\AppData\Local\EMDM
2011-11-29 00:07 . 2011-11-29 00:07 -------- d-----w- c:\program files\Azada
2011-11-27 03:58 . 2011-11-27 03:58 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Vast Studios
2011-11-27 00:12 . 2011-11-27 03:36 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Hidden Objects XIII
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 02:24 . 2011-11-21 02:25 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-11-17 01:33 . 2011-05-17 15:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-10 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2007-06-13 84784]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-13 68400]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-10-01 106496]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ramon Work^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ramon Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 19:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\firefox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2007-10-24 19:01 2564096 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R2 sdupsvc;sdupsvc;c:\program files\SDUProtect\sdupsvc.exe [x]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-01-27 785408]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-11 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 FJVBCtrl;FJVBCtrl;c:\program files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys [2007-02-16 12848]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 19:21]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uInternet Settings,ProxyOverride = <local>
IE: Create BigJig puzzle - c:\program files\JigMake\jm.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-MCStart - c:\program files\Bell Mobility\Mobile Connect Basic\tscui.exe
MSConfigStartUp-tscui - c:\program files\Bell Mobility\Mobile Connect Basic\tscui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 00:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-25 00:56:05
ComboFix-quarantined-files.txt 2011-12-25 05:55
.
Pre-Run: 105,950,711,808 bytes free
Post-Run: 105,875,460,096 bytes free
.
- - End Of File - - BA19E573BBC77005F8B186798E4C6C93


TDSSKiller log:

01:01:31.0648 3704 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
01:01:31.0960 3704 ============================================================
01:01:31.0960 3704 Current date / time: 2011/12/25 01:01:31.0960
01:01:31.0960 3704 SystemInfo:
01:01:31.0960 3704
01:01:31.0960 3704 OS Version: 6.0.6002 ServicePack: 2.0
01:01:31.0960 3704 Product type: Workstation
01:01:31.0960 3704 ComputerName: RAMONWORK
01:01:31.0960 3704 UserName: Ramon Work
01:01:31.0960 3704 Windows directory: C:\Windows
01:01:31.0960 3704 System windows directory: C:\Windows
01:01:31.0960 3704 Processor architecture: Intel x86
01:01:31.0960 3704 Number of processors: 2
01:01:31.0960 3704 Page size: 0x1000
01:01:31.0960 3704 Boot type: Normal boot
01:01:31.0960 3704 ============================================================
01:01:38.0808 3704 Initialize success
01:01:51.0569 3256 ============================================================
01:01:51.0569 3256 Scan started
01:01:51.0569 3256 Mode: Manual;
01:01:51.0569 3256 ============================================================
01:01:52.0224 3256 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
01:01:52.0224 3256 61883 - ok
01:01:52.0302 3256 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:01:52.0302 3256 ACPI - ok
01:01:52.0412 3256 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
01:01:52.0412 3256 adfs - ok
01:01:52.0474 3256 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
01:01:52.0474 3256 adp94xx - ok
01:01:52.0614 3256 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
01:01:52.0614 3256 adpahci - ok
01:01:52.0692 3256 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
01:01:52.0692 3256 adpu160m - ok
01:01:52.0755 3256 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
01:01:52.0755 3256 adpu320 - ok
01:01:52.0833 3256 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\Windows\system32\Drivers\adsexpb.SYS
01:01:52.0833 3256 ADSEXPB - ok
01:01:52.0973 3256 ADVNTDRV (e341a95c1329e272782b2baecc64316a) C:\Windows\System32\drivers\ADVNTDRV.SYS
01:01:52.0973 3256 ADVNTDRV - ok
01:01:53.0082 3256 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:01:53.0082 3256 AFD - ok
01:01:53.0192 3256 AgereSoftModem (de9df7a02803e923c7695b343678ac25) C:\Windows\system32\DRIVERS\AGRSM.sys
01:01:53.0207 3256 AgereSoftModem - ok
01:01:53.0254 3256 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
01:01:53.0254 3256 agp440 - ok
01:01:53.0348 3256 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:01:53.0348 3256 aic78xx - ok
01:01:53.0441 3256 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
01:01:53.0441 3256 aliide - ok
01:01:53.0566 3256 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
01:01:53.0566 3256 amdagp - ok
01:01:53.0628 3256 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
01:01:53.0628 3256 amdide - ok
01:01:53.0691 3256 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
01:01:53.0691 3256 AmdK7 - ok
01:01:53.0878 3256 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
01:01:53.0878 3256 AmdK8 - ok
01:01:55.0173 3256 amdkmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
01:01:55.0220 3256 amdkmdag - ok
01:01:55.0641 3256 amdkmdap (655053f7c0a3b551da84db7417a10e15) C:\Windows\system32\DRIVERS\atikmpag.sys
01:01:55.0641 3256 amdkmdap - ok
01:01:56.0031 3256 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
01:01:56.0031 3256 ApfiltrService - ok
01:01:56.0327 3256 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
01:01:56.0327 3256 arc - ok
01:01:56.0592 3256 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
01:01:56.0592 3256 arcsas - ok
01:01:56.0795 3256 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:01:56.0795 3256 AsyncMac - ok
01:01:56.0920 3256 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:01:56.0920 3256 atapi - ok
01:01:57.0014 3256 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
01:01:57.0029 3256 athr - ok
01:01:58.0168 3256 atikmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
01:01:58.0230 3256 atikmdag - ok
01:01:58.0464 3256 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
01:01:58.0464 3256 atksgt - ok
01:01:58.0652 3256 ATSWPDRV (0c81d19fa268480ab0b01b989cfa948c) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
01:01:58.0652 3256 ATSWPDRV - ok
01:01:58.0839 3256 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
01:01:58.0839 3256 Avc - ok
01:01:58.0901 3256 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:01:58.0917 3256 Beep - ok
01:01:59.0104 3256 blbdrive - ok
01:01:59.0354 3256 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:01:59.0369 3256 bowser - ok
01:01:59.0432 3256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:01:59.0432 3256 BrFiltLo - ok
01:01:59.0744 3256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:01:59.0744 3256 BrFiltUp - ok
01:01:59.0931 3256 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:01:59.0931 3256 Brserid - ok
01:02:00.0368 3256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:02:00.0368 3256 BrSerWdm - ok
01:02:00.0695 3256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:02:00.0695 3256 BrUsbMdm - ok
01:02:00.0789 3256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:02:00.0789 3256 BrUsbSer - ok
01:02:00.0960 3256 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:02:00.0976 3256 BTHMODEM - ok
01:02:01.0210 3256 catchme - ok
01:02:01.0366 3256 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:02:01.0382 3256 cdfs - ok
01:02:01.0428 3256 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:02:01.0428 3256 cdrom - ok
01:02:01.0506 3256 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
01:02:01.0506 3256 circlass - ok
01:02:01.0662 3256 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:02:01.0678 3256 CLFS - ok
01:02:01.0787 3256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
01:02:01.0803 3256 CmBatt - ok
01:02:01.0850 3256 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
01:02:01.0850 3256 cmdide - ok
01:02:01.0974 3256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
01:02:01.0974 3256 Compbatt - ok
01:02:02.0224 3256 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
01:02:02.0224 3256 crcdisk - ok
01:02:02.0349 3256 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
01:02:02.0349 3256 Crusoe - ok
01:02:02.0536 3256 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
01:02:02.0552 3256 DfsC - ok
01:02:02.0661 3256 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:02:02.0661 3256 disk - ok
01:02:02.0708 3256 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:02:02.0708 3256 drmkaud - ok
01:02:02.0988 3256 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:02:03.0020 3256 DXGKrnl - ok
01:02:03.0129 3256 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:02:03.0129 3256 E1G60 - ok
01:02:03.0269 3256 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
01:02:03.0269 3256 eamonm - ok
01:02:03.0378 3256 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:02:03.0378 3256 Ecache - ok
01:02:03.0503 3256 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
01:02:03.0503 3256 ehdrv - ok
01:02:03.0628 3256 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
01:02:03.0628 3256 elxstor - ok
01:02:03.0690 3256 epfwwfpr (f39c91795ebdb9ecbeb5a388ff2841fe) C:\Windows\system32\DRIVERS\epfwwfpr.sys
01:02:03.0690 3256 epfwwfpr - ok
01:02:04.0002 3256 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:02:04.0002 3256 exfat - ok
01:02:04.0096 3256 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:02:04.0096 3256 fastfat - ok
01:02:04.0158 3256 FBIOSDRV (f64b86a52fb20686954703a6f7a955d5) C:\Windows\system32\drivers\FBIOSDRV.SYS
01:02:04.0158 3256 FBIOSDRV - ok
01:02:04.0377 3256 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
01:02:04.0377 3256 fdc - ok
01:02:04.0455 3256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:02:04.0455 3256 FileInfo - ok
01:02:04.0580 3256 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:02:04.0580 3256 Filetrace - ok
01:02:04.0642 3256 FJVBCtrl (d3b9f07231eb21634ca4debd6af6da4c) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys
01:02:04.0642 3256 FJVBCtrl - ok
01:02:04.0814 3256 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
01:02:04.0814 3256 flpydisk - ok
01:02:05.0016 3256 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:02:05.0032 3256 FltMgr - ok
01:02:05.0172 3256 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
01:02:05.0172 3256 Fs_Rec - ok
01:02:05.0313 3256 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\Windows\system32\DRIVERS\FUJ02B1.sys
01:02:05.0313 3256 FUJ02B1 - ok
01:02:05.0422 3256 FUJ02E3 (d45474a7e5e2f35150c29a3193747884) C:\Windows\system32\DRIVERS\FUJ02E3.sys
01:02:05.0422 3256 FUJ02E3 - ok
01:02:05.0500 3256 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
01:02:05.0500 3256 gagp30kx - ok
01:02:05.0672 3256 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
01:02:05.0672 3256 HdAudAddService - ok
01:02:05.0765 3256 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:02:05.0781 3256 HDAudBus - ok
01:02:05.0921 3256 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:02:05.0921 3256 HidBth - ok
01:02:06.0030 3256 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:02:06.0030 3256 HidIr - ok
01:02:06.0140 3256 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:02:06.0140 3256 HidUsb - ok
01:02:06.0233 3256 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
01:02:06.0249 3256 HpCISSs - ok
01:02:06.0405 3256 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:02:06.0405 3256 HTTP - ok
01:02:06.0452 3256 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
01:02:06.0452 3256 i2omp - ok
01:02:06.0608 3256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:02:06.0608 3256 i8042prt - ok
01:02:06.0920 3256 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:02:06.0920 3256 ialm - ok
01:02:07.0122 3256 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
01:02:07.0122 3256 iaStor - ok
01:02:07.0278 3256 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
01:02:07.0294 3256 iaStorV - ok
01:02:07.0434 3256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:02:07.0434 3256 iirsp - ok
01:02:07.0684 3256 IntcAzAudAddService (efad2bc74d06c5f53fa64b6dd6dbb459) C:\Windows\system32\drivers\RTKVHDA.sys
01:02:07.0762 3256 IntcAzAudAddService - ok
01:02:07.0934 3256 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
01:02:07.0934 3256 intelide - ok
01:02:08.0012 3256 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:02:08.0012 3256 intelppm - ok
01:02:08.0090 3256 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:02:08.0105 3256 IpFilterDriver - ok
01:02:08.0230 3256 IpInIp - ok
01:02:08.0292 3256 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
01:02:08.0292 3256 IPMIDRV - ok
01:02:08.0370 3256 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:02:08.0370 3256 IPNAT - ok
01:02:08.0433 3256 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:02:08.0433 3256 IRENUM - ok
01:02:08.0511 3256 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
01:02:08.0511 3256 isapnp - ok
01:02:08.0651 3256 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:02:08.0651 3256 iScsiPrt - ok
01:02:08.0760 3256 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:02:08.0760 3256 iteatapi - ok
01:02:08.0823 3256 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:02:08.0823 3256 iteraid - ok
01:02:08.0901 3256 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:02:08.0901 3256 kbdclass - ok
01:02:09.0026 3256 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:02:09.0026 3256 kbdhid - ok
01:02:09.0119 3256 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
01:02:09.0119 3256 KMWDFILTER - ok
01:02:09.0197 3256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
01:02:09.0244 3256 KSecDD - ok
01:02:09.0384 3256 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
01:02:09.0384 3256 lirsgt - ok
01:02:09.0525 3256 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:02:09.0525 3256 lltdio - ok
01:02:09.0587 3256 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
01:02:09.0587 3256 LSI_FC - ok
01:02:09.0665 3256 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
01:02:09.0665 3256 LSI_SAS - ok
01:02:09.0728 3256 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
01:02:09.0728 3256 LSI_SCSI - ok
01:02:09.0821 3256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:02:09.0821 3256 luafv - ok
01:02:09.0868 3256 MBAMSwissArmy - ok
01:02:09.0977 3256 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
01:02:09.0977 3256 megasas - ok
01:02:10.0102 3256 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:02:10.0102 3256 Modem - ok
01:02:10.0149 3256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:02:10.0149 3256 monitor - ok
01:02:10.0227 3256 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:02:10.0227 3256 mouclass - ok
01:02:10.0289 3256 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:02:10.0289 3256 mouhid - ok
01:02:10.0352 3256 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:02:10.0352 3256 MountMgr - ok
01:02:10.0414 3256 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
01:02:10.0430 3256 mpio - ok
01:02:10.0523 3256 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:02:10.0523 3256 mpsdrv - ok
01:02:10.0586 3256 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:02:10.0586 3256 Mraid35x - ok
01:02:10.0695 3256 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
01:02:10.0695 3256 MREMP50 - ok
01:02:10.0710 3256 MREMPR5 - ok
01:02:10.0710 3256 MRENDIS5 - ok
01:02:10.0773 3256 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
01:02:10.0773 3256 MRESP50 - ok
01:02:10.0898 3256 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:02:10.0898 3256 MRxDAV - ok
01:02:10.0976 3256 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:02:10.0976 3256 mrxsmb - ok
01:02:11.0069 3256 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:02:11.0085 3256 mrxsmb10 - ok
01:02:11.0116 3256 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:02:11.0116 3256 mrxsmb20 - ok
01:02:11.0241 3256 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
01:02:11.0241 3256 msahci - ok
01:02:11.0319 3256 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
01:02:11.0319 3256 msdsm - ok
01:02:11.0412 3256 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
01:02:11.0412 3256 MSDV - ok
01:02:11.0537 3256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:02:11.0537 3256 Msfs - ok
01:02:11.0584 3256 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:02:11.0584 3256 msisadrv - ok
01:02:11.0709 3256 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:02:11.0709 3256 MSKSSRV - ok
01:02:11.0771 3256 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:02:11.0771 3256 MSPCLOCK - ok
01:02:11.0880 3256 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:02:11.0880 3256 MSPQM - ok
01:02:11.0943 3256 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:02:11.0943 3256 MsRPC - ok
01:02:12.0021 3256 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:02:12.0021 3256 mssmbios - ok
01:02:12.0083 3256 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:02:12.0083 3256 MSTEE - ok
01:02:12.0177 3256 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:02:12.0177 3256 Mup - ok
01:02:12.0286 3256 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:02:12.0286 3256 NativeWifiP - ok
01:02:12.0380 3256 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:02:12.0380 3256 NDIS - ok
01:02:12.0442 3256 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:02:12.0442 3256 NdisTapi - ok
01:02:12.0551 3256 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:02:12.0551 3256 Ndisuio - ok
01:02:12.0645 3256 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:02:12.0645 3256 NdisWan - ok
01:02:12.0723 3256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:02:12.0723 3256 NDProxy - ok
01:02:12.0832 3256 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:02:12.0832 3256 NetBIOS - ok
01:02:12.0988 3256 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
01:02:12.0988 3256 netbt - ok
01:02:13.0113 3256 NETMDUSB (986acdece933131288f1957dc359865f) C:\Windows\system32\Drivers\NETMDUSB.sys
01:02:13.0113 3256 NETMDUSB - ok
01:02:13.0238 3256 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:02:13.0238 3256 nfrd960 - ok
01:02:13.0331 3256 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:02:13.0331 3256 Npfs - ok
01:02:13.0409 3256 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:02:13.0409 3256 nsiproxy - ok
01:02:13.0534 3256 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:02:13.0581 3256 Ntfs - ok
01:02:13.0659 3256 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:02:13.0659 3256 ntrigdigi - ok
01:02:13.0737 3256 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:02:13.0737 3256 Null - ok
01:02:13.0799 3256 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
01:02:13.0799 3256 nvraid - ok
01:02:13.0908 3256 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
01:02:13.0908 3256 nvstor - ok
01:02:13.0971 3256 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
01:02:13.0971 3256 nv_agp - ok
01:02:14.0033 3256 NwlnkFlt - ok
01:02:14.0111 3256 NwlnkFwd - ok
01:02:14.0189 3256 O2MDRDR (f4aa04f7ba01d54b31f14841386cc60b) C:\Windows\system32\DRIVERS\o2media.sys
01:02:14.0189 3256 O2MDRDR - ok
01:02:14.0252 3256 O2SDRDR (06b541d57b9b8ea2f0ebebcaebc90718) C:\Windows\system32\DRIVERS\o2sd.sys
01:02:14.0267 3256 O2SDRDR - ok
01:02:14.0314 3256 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
01:02:14.0330 3256 ohci1394 - ok
01:02:14.0454 3256 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:02:14.0454 3256 Parport - ok
01:02:14.0548 3256 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:02:14.0548 3256 partmgr - ok
01:02:14.0626 3256 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:02:14.0626 3256 Parvdm - ok
01:02:14.0673 3256 PCASp50 - ok
01:02:14.0751 3256 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:02:14.0751 3256 pci - ok
01:02:14.0829 3256 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
01:02:14.0829 3256 pciide - ok
01:02:14.0922 3256 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
01:02:14.0922 3256 pcmcia - ok
01:02:15.0016 3256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:02:15.0047 3256 PEAUTH - ok
01:02:15.0234 3256 Point32 (e56e57cfb75b1ee2bb001ad036c27fbb) C:\Windows\system32\DRIVERS\point32k.sys
01:02:15.0234 3256 Point32 - ok
01:02:15.0297 3256 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:02:15.0297 3256 PptpMiniport - ok
01:02:15.0390 3256 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
01:02:15.0390 3256 Processor - ok
01:02:15.0468 3256 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:02:15.0468 3256 PSched - ok
01:02:15.0562 3256 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
01:02:15.0562 3256 PxHelp20 - ok
01:02:15.0671 3256 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
01:02:15.0687 3256 ql2300 - ok
01:02:15.0780 3256 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:02:15.0780 3256 ql40xx - ok
01:02:15.0858 3256 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:02:15.0858 3256 QWAVEdrv - ok
01:02:15.0952 3256 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:02:15.0952 3256 RasAcd - ok
01:02:16.0030 3256 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:02:16.0030 3256 Rasl2tp - ok
01:02:16.0124 3256 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:02:16.0124 3256 RasPppoe - ok
01:02:16.0217 3256 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:02:16.0217 3256 RasSstp - ok
01:02:16.0280 3256 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:02:16.0280 3256 rdbss - ok
01:02:16.0358 3256 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:02:16.0358 3256 RDPCDD - ok
01:02:16.0451 3256 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
01:02:16.0451 3256 rdpdr - ok
01:02:16.0560 3256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:02:16.0560 3256 RDPENCDD - ok
01:02:16.0623 3256 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
01:02:16.0623 3256 RDPWD - ok
01:02:16.0763 3256 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:02:16.0763 3256 rspndr - ok
01:02:16.0841 3256 RTHDMIAzAudService (9bb3b278b082acd7dad7b6f4fa442e30) C:\Windows\system32\drivers\RtHDMIV.sys
01:02:16.0841 3256 RTHDMIAzAudService - ok
01:02:16.0950 3256 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:02:16.0950 3256 sbp2port - ok
01:02:17.0044 3256 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
01:02:17.0044 3256 sdbus - ok
01:02:17.0169 3256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:02:17.0169 3256 secdrv - ok
01:02:17.0247 3256 ser2plms (227df2e68510d25462ee80136722374e) C:\Windows\system32\DRIVERS\ser2plms.sys
01:02:17.0247 3256 ser2plms - ok
01:02:17.0356 3256 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:02:17.0356 3256 Serenum - ok
01:02:17.0418 3256 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:02:17.0418 3256 Serial - ok
01:02:17.0528 3256 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:02:17.0528 3256 sermouse - ok
01:02:17.0590 3256 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
01:02:17.0590 3256 sffdisk - ok
01:02:17.0637 3256 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
01:02:17.0637 3256 sffp_mmc - ok
01:02:17.0684 3256 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
01:02:17.0684 3256 sffp_sd - ok
01:02:17.0777 3256 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:02:17.0777 3256 sfloppy - ok
01:02:17.0902 3256 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
01:02:17.0902 3256 sisagp - ok
01:02:17.0980 3256 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
01:02:17.0980 3256 SiSRaid2 - ok
01:02:18.0027 3256 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
01:02:18.0027 3256 SiSRaid4 - ok
01:02:18.0136 3256 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:02:18.0136 3256 Smb - ok
01:02:18.0214 3256 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:02:18.0214 3256 spldr - ok
01:02:18.0323 3256 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
01:02:18.0323 3256 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
01:02:18.0323 3256 sptd ( LockedFile.Multi.Generic ) - warning
01:02:18.0323 3256 sptd - detected LockedFile.Multi.Generic (1)
01:02:18.0432 3256 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:02:18.0432 3256 srv - ok
01:02:18.0526 3256 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
01:02:18.0526 3256 srv2 - ok
01:02:18.0573 3256 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
01:02:18.0573 3256 srvnet - ok
01:02:18.0713 3256 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
01:02:18.0713 3256 swenum - ok
01:02:18.0776 3256 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:02:18.0791 3256 Symc8xx - ok
01:02:18.0854 3256 SymIM - ok
01:02:18.0885 3256 SymIMMP - ok
01:02:18.0963 3256 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:02:18.0963 3256 Sym_hi - ok
01:02:19.0010 3256 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:02:19.0010 3256 Sym_u3 - ok
01:02:19.0181 3256 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
01:02:19.0197 3256 Tcpip - ok
01:02:19.0306 3256 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
01:02:19.0306 3256 Tcpip6 - ok
01:02:19.0384 3256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
01:02:19.0384 3256 tcpipreg - ok
01:02:19.0446 3256 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:02:19.0446 3256 TDPIPE - ok
01:02:19.0524 3256 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:02:19.0524 3256 TDTCP - ok
01:02:19.0634 3256 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:02:19.0634 3256 tdx - ok
01:02:19.0727 3256 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:02:19.0727 3256 TermDD - ok
01:02:19.0805 3256 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:02:19.0805 3256 tssecsrv - ok
01:02:19.0883 3256 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:02:19.0883 3256 tunmp - ok
01:02:19.0977 3256 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:02:19.0977 3256 tunnel - ok
01:02:20.0055 3256 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
01:02:20.0055 3256 uagp35 - ok
01:02:20.0133 3256 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:02:20.0133 3256 udfs - ok
01:02:20.0258 3256 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
01:02:20.0258 3256 uliagpkx - ok
01:02:20.0367 3256 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
01:02:20.0367 3256 uliahci - ok
01:02:20.0460 3256 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:02:20.0460 3256 UlSata - ok
01:02:20.0554 3256 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:02:20.0554 3256 ulsata2 - ok
01:02:20.0601 3256 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:02:20.0601 3256 umbus - ok
01:02:20.0772 3256 USBAVCap (9e6c473201bed79ad8e04ba13e3463f4) C:\Windows\system32\drivers\USBAVCap.sys
01:02:20.0772 3256 USBAVCap - ok
01:02:20.0850 3256 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:02:20.0850 3256 usbccgp - ok
01:02:20.0991 3256 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:02:20.0991 3256 usbcir - ok
01:02:21.0069 3256 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:02:21.0069 3256 usbehci - ok
01:02:21.0178 3256 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:02:21.0178 3256 usbhub - ok
01:02:21.0287 3256 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
01:02:21.0287 3256 usbohci - ok
01:02:21.0350 3256 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
01:02:21.0350 3256 usbprint - ok
01:02:21.0459 3256 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
01:02:21.0459 3256 usbscan - ok
01:02:21.0568 3256 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:02:21.0568 3256 USBSTOR - ok
01:02:21.0646 3256 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
01:02:21.0646 3256 usbuhci - ok
01:02:21.0771 3256 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
01:02:21.0771 3256 vga - ok
01:02:21.0833 3256 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:02:21.0833 3256 VgaSave - ok
01:02:21.0927 3256 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
01:02:21.0927 3256 viaagp - ok
01:02:21.0989 3256 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
01:02:21.0989 3256 ViaC7 - ok
01:02:22.0114 3256 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
01:02:22.0114 3256 viaide - ok
01:02:22.0192 3256 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:02:22.0192 3256 volmgr - ok
01:02:22.0332 3256 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:02:22.0332 3256 volmgrx - ok
01:02:22.0426 3256 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:02:22.0426 3256 volsnap - ok
01:02:22.0520 3256 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
01:02:22.0520 3256 vsmraid - ok
01:02:22.0738 3256 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:02:22.0738 3256 WacomPen - ok
01:02:22.0800 3256 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:22.0816 3256 Wanarp - ok
01:02:22.0816 3256 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:22.0816 3256 Wanarpv6 - ok
01:02:22.0941 3256 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
01:02:22.0941 3256 Wd - ok
01:02:23.0081 3256 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
01:02:23.0081 3256 WDC_SAM - ok
01:02:23.0159 3256 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
01:02:23.0190 3256 Wdf01000 - ok
01:02:23.0362 3256 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
01:02:23.0362 3256 WmiAcpi - ok
01:02:23.0440 3256 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:02:23.0440 3256 ws2ifsl - ok
01:02:23.0596 3256 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:02:23.0596 3256 WUDFRd - ok
01:02:23.0674 3256 yukonwlh (f081ed0b8bd09d7f50ac9a30bbbb06bc) C:\Windows\system32\DRIVERS\yk60x86.sys
01:02:23.0674 3256 yukonwlh - ok
01:02:23.0690 3256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:02:23.0721 3256 \Device\Harddisk0\DR0 - ok
01:02:23.0736 3256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
01:02:23.0736 3256 \Device\Harddisk1\DR1 - ok
01:02:23.0736 3256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
01:02:23.0752 3256 \Device\Harddisk2\DR2 - ok
01:02:29.0025 3256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
01:02:29.0025 3256 \Device\Harddisk3\DR3 - ok
01:02:29.0025 3256 Boot (0x1200) (0053c7cd951aa55055bb85362ef2825f) \Device\Harddisk0\DR0\Partition0
01:02:29.0040 3256 \Device\Harddisk0\DR0\Partition0 - ok
01:02:29.0040 3256 Boot (0x1200) (17efbe126a0d73ffa1d400721bc2935b) \Device\Harddisk1\DR1\Partition0
01:02:29.0040 3256 \Device\Harddisk1\DR1\Partition0 - ok
01:02:29.0415 3256 Boot (0x1200) (73a505f96d98c14b488a8e860b74ca50) \Device\Harddisk2\DR2\Partition0
01:02:29.0415 3256 \Device\Harddisk2\DR2\Partition0 - ok
01:02:29.0415 3256 Boot (0x1200) (f180a011dfbe1a58f59665d44e22738a) \Device\Harddisk3\DR3\Partition0
01:02:29.0415 3256 \Device\Harddisk3\DR3\Partition0 - ok
01:02:29.0430 3256 ============================================================
01:02:29.0430 3256 Scan finished
01:02:29.0430 3256 ============================================================
01:02:29.0430 2748 Detected object count: 1
01:02:29.0430 2748 Actual detected object count: 1
01:03:39.0365 2748 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:03:39.0365 2748 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:03:53.0514 2808 Deinitialize success

aswMBR log, FIX button not enabled:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-25 01:04:43
-----------------------------
01:04:43.228 OS Version: Windows 6.0.6002 Service Pack 2
01:04:43.228 Number of processors: 2 586 0xF0D
01:04:43.228 ComputerName: RAMONWORK UserName:
01:04:44.523 Initialize success
01:06:48.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:06:48.361 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
01:06:48.361 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
01:06:48.361 Disk 1 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
01:06:50.716 Disk 0 MBR read successfully
01:06:50.716 Disk 0 MBR scan
01:06:50.716 Disk 0 Windows VISTA default MBR code
01:06:50.748 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1536 MB offset 2048
01:06:50.763 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236937 MB offset 3147776
01:06:50.763 Disk 0 scanning sectors +488394752
01:06:50.826 Disk 0 scanning C:\Windows\system32\drivers
01:06:58.766 Service scanning
01:07:00.856 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:07:01.434 Modules scanning
01:07:09.967 Scan finished successfully
01:07:54.686 Disk 0 MBR has been saved successfully to "C:\Users\Ramon Work\Desktop\MBR.dat"
01:07:54.702 The log file has been saved successfully to "C:\Users\Ramon Work\Desktop\aswMBR.txt"

OTL log:

OTL logfile created on: 12/25/2011 1:09:34 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ramon Work\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.13% Memory free
6.21 Gb Paging File | 4.93 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.38 Gb Total Space | 99.15 Gb Free Space | 42.85% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 77.57 Gb Free Space | 33.31% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 135.74 Gb Free Space | 29.14% Space Free | Partition Type: NTFS
Drive H: | 931.49 Gb Total Space | 82.02 Gb Free Space | 8.81% Space Free | Partition Type: NTFS

Computer Name: RAMONWORK | User Name: Ramon Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 23:58:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.exe
PRC - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 11:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/03/08 23:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/08 23:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/14 05:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 05:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 00:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/23 02:23:44 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/06/12 21:30:20 | 000,084,784 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2007/05/24 09:33:32 | 001,150,976 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2007/02/09 19:39:12 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2007/02/05 03:48:25 | 000,167,936 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
PRC - [2007/01/27 06:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
PRC - [2006/11/25 20:09:32 | 000,260,912 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2006/11/12 19:13:58 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2006/09/08 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2005/09/13 01:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 13:50:30 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll
MOD - [2011/10/12 13:47:40 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/12 13:47:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 13:47:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 12:03:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 12:02:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 12:02:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 12:02:07 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/12 12:02:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 12:01:59 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/12 12:01:41 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/12 12:01:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/12 12:01:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 12:00:25 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/14 13:21:10 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011/03/08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdupsvc)
SRV - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/03/08 23:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/01/14 22:39:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/14 05:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009/09/14 05:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/24 13:03:02 | 000,040,960 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/08/23 02:23:44 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/27 06:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/09/13 01:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 13:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 08:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 08:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/03/09 04:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 04:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/08 23:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/02/12 16:42:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/11/08 16:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 16:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/27 21:57:07 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/11 01:43:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/19 19:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/06/25 18:00:08 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/23 00:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/05/31 21:27:00 | 000,145,288 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/13 20:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/05/11 03:56:54 | 000,035,456 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/02/16 18:59:26 | 000,012,848 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys -- (FJVBCtrl)
DRV - [2007/01/27 08:53:42 | 000,785,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAVCap.sys -- (USBAVCap)
DRV - [2006/11/01 05:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 05:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/10/03 00:23:50 | 000,036,640 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/08/29 19:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/08/28 03:56:41 | 000,008,960 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FBIOSDRV.SYS -- (FBIOSDRV)
DRV - [2005/04/06 16:46:50 | 000,034,240 | ---- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [1999/11/18 03:20:00 | 000,003,872 | ---- | M] (FUJITSU LIMITED.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\Ramon Work\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/22 07:32:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/25 00:52:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Create BigJig puzzle - C:\Program Files\JigMake\jm.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF1F096F-6FE5-4A79-A08D-25DF89CF4DBD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 01:04:18 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Ramon Work\Desktop\aswMBR.exe
[2011/12/25 01:00:46 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ramon Work\Desktop\tdsskiller.exe
[2011/12/25 00:56:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 00:56:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 00:56:07 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Local\temp
[2011/12/25 00:38:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 00:38:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 00:38:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 00:23:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 00:21:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 00:19:44 | 004,351,768 | R--- | C] (Swearware) -- C:\Users\Ramon Work\Desktop\ComboFix.exe
[2011/12/25 00:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/25 00:07:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 00:04:44 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ramon Work\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/24 23:56:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/24 00:08:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.com
[2011/12/23 23:58:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.scr
[2011/12/23 23:57:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.exe
[2011/12/23 20:29:15 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\Users\Ramon Work\Documents\QWS22nDLK.exe
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Brabl
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\.gstreamer-0.10
[2011/12/22 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\.gnome2
[2011/12/22 11:47:23 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
[2011/12/22 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Christmas Tales - Fellina's Journey
[2011/12/18 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\SunwardGames
[2011/12/17 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\Documents\ElectronicParadise
[2011/12/17 18:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Akella Games
[2011/12/14 01:04:08 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 01:04:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 01:03:48 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 01:03:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 01:03:45 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 01:03:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 01:03:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 01:03:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 01:03:26 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 01:03:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 01:03:26 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 01:03:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 01:03:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 01:03:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 01:03:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 01:03:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 01:03:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 01:03:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 01:03:24 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 01:03:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 01:03:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 01:03:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 01:03:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 01:03:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/13 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Odian Games
[2011/12/13 19:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Odian Games
[2011/12/12 01:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/12/09 20:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fear for Sale 2- Sunnyvale Story - Collectors Edition
[2011/12/01 21:47:19 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Blue Tea Games
[2011/11/29 00:53:15 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Local\EMDM
[2011/11/28 19:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Azada
[2011/11/26 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Vast Studios
[2011/11/26 19:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ramon Work\AppData\Roaming\Hidden Objects XIII

========== Files - Modified Within 30 Days ==========

[2011/12/25 01:07:54 | 000,000,512 | ---- | M] () -- C:\Users\Ramon Work\Desktop\MBR.dat
[2011/12/25 01:04:22 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Ramon Work\Desktop\aswMBR.exe
[2011/12/25 01:00:51 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ramon Work\Desktop\tdsskiller.exe
[2011/12/25 00:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 00:52:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/25 00:34:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 00:34:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 00:33:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 00:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/25 00:33:48 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 00:19:54 | 004,351,768 | R--- | M] (Swearware) -- C:\Users\Ramon Work\Desktop\ComboFix.exe
[2011/12/25 00:07:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 00:04:51 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ramon Work\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/24 23:06:27 | 000,002,527 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Microsoft MapPoint North America 2009.lnk
[2011/12/24 20:52:12 | 000,232,960 | ---- | M] () -- C:\Users\Ramon Work\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/24 00:08:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.com
[2011/12/23 23:58:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.scr
[2011/12/23 23:58:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ramon Work\Desktop\OTL.exe
[2011/12/23 21:26:48 | 002,297,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/23 21:26:23 | 000,011,724 | -HS- | M] () -- C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1
[2011/12/23 21:26:23 | 000,011,724 | -HS- | M] () -- C:\ProgramData\767567q4p450r328c150r1vcj1k1
[2011/12/23 20:44:15 | 000,000,930 | ---- | M] () -- C:\Users\Ramon Work\Desktop\firefox2.exe - Shortcut.lnk
[2011/12/23 20:32:57 | 000,000,497 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/12/23 20:29:15 | 000,407,552 | ---- | M] (Microsoft Corporation) -- C:\Users\Ramon Work\Documents\QWS22nDLK.exe
[2011/12/22 11:47:23 | 000,001,000 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Christmas Tales - Fellina's Journey.lnk
[2011/12/21 08:07:42 | 000,196,608 | ---- | M] () -- C:\Users\Ramon Work\Documents\36 Armand Beach Dr, Palm Coast, FL 32137 to 36 Armand Beach Dr, Palm Coast, FL 32137.ptm
[2011/12/20 21:26:01 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 21:26:01 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/12 22:34:59 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/12 13:50:15 | 000,000,230 | ---- | M] () -- C:\ProgramData\settings.xml
[2011/11/28 19:07:56 | 000,000,774 | ---- | M] () -- C:\Users\Ramon Work\Desktop\Azada.lnk

========== Files Created - No Company Name ==========

[2011/12/25 01:07:54 | 000,000,512 | ---- | C] () -- C:\Users\Ramon Work\Desktop\MBR.dat
[2011/12/25 00:38:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 00:38:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 00:38:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 00:38:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 00:38:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/25 00:07:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 21:24:01 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 20:44:15 | 000,000,930 | ---- | C] () -- C:\Users\Ramon Work\Desktop\firefox2.exe - Shortcut.lnk
[2011/12/23 20:29:10 | 000,011,724 | -HS- | C] () -- C:\ProgramData\767567q4p450r328c150r1vcj1k1
[2011/12/23 20:29:09 | 000,011,724 | -HS- | C] () -- C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1
[2011/12/22 11:47:23 | 000,001,000 | ---- | C] () -- C:\Users\Ramon Work\Desktop\Christmas Tales - Fellina's Journey.lnk
[2011/12/20 21:00:20 | 000,196,608 | ---- | C] () -- C:\Users\Ramon Work\Documents\36 Armand Beach Dr, Palm Coast, FL 32137 to 36 Armand Beach Dr, Palm Coast, FL 32137.ptm
[2011/12/12 22:34:59 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/12 01:42:04 | 000,001,712 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/12 01:42:04 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/11/28 19:07:56 | 000,000,774 | ---- | C] () -- C:\Users\Ramon Work\Desktop\Azada.lnk
[2011/11/11 01:18:23 | 000,000,230 | ---- | C] () -- C:\ProgramData\settings.xml
[2011/04/24 22:52:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/08 23:16:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/02/27 13:41:58 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2011/02/27 13:06:45 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2011/02/08 20:54:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/08 20:54:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/08 20:54:59 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/08 20:54:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/08 20:54:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/08 20:54:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/08 20:54:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/08 20:54:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/08 20:54:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/08 20:54:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/08 20:54:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/08 20:54:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/08 20:54:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/08 20:54:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/08 20:54:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/08 20:54:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/08 20:50:01 | 000,000,094 | ---- | C] () -- C:\Windows\EPART725.ini
[2011/02/01 17:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/12 22:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/08/17 14:29:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/05/27 21:57:10 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/05/27 21:57:07 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/05/10 14:53:29 | 000,691,481 | ---- | C] () -- C:\Windows\unins000.exe
[2010/05/10 14:53:29 | 000,001,628 | ---- | C] () -- C:\Windows\unins000.dat
[2010/01/31 14:01:46 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/11/05 19:09:08 | 000,011,250 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\slot1.mm1
[2009/10/18 18:07:31 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/10/18 18:07:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/10/11 11:38:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/11 11:38:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/11 11:37:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/06 01:43:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/27 17:38:28 | 000,232,960 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 16:57:35 | 000,000,680 | ---- | C] () -- C:\Users\Ramon Work\AppData\Local\d3d9caps.dat
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/04/22 15:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/04/22 15:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/11/21 12:16:06 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/11/21 12:15:48 | 000,002,088 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 002,297,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/07/01 09:13:30 | 000,000,229 | -HS- | C] () -- C:\Users\Ramon Work\AppData\Roaming\matrox_drv16.dat

========== Files - Unicode (All) ==========
[2010/03/23 00:27:56 | 000,245,925 | ---- | M] ()(C:\Users\Ramon Work\Documents\????.mht) -- C:\Users\Ramon Work\Documents\电信建设.mht
[2010/03/23 00:27:55 | 000,245,925 | ---- | C] ()(C:\Users\Ramon Work\Documents\????.mht) -- C:\Users\Ramon Work\Documents\电信建设.mht

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4F28299B
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:114C90CA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DCF5E5D4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C2151AD3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BD8C785E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5154845A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:183A9046
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6710EF08
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0344F92D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F5E8CAE0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DBC3D477
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B42328DE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9F139265
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4C3D5A8B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E9C8E31F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E6BEADB7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40D7F76
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:072CBE6D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FFD58FFB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E6708F08
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93B8F954
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2667C87D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A60D4837
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4C35C064
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AFC732F7
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:78E0DF72

< End of report >


OTL Extras log:

OTL Extras logfile created on: 12/25/2011 1:09:34 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ramon Work\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.13% Memory free
6.21 Gb Paging File | 4.93 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.38 Gb Total Space | 99.15 Gb Free Space | 42.85% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 77.57 Gb Free Space | 33.31% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 135.74 Gb Free Space | 29.14% Space Free | Partition Type: NTFS
Drive H: | 931.49 Gb Total Space | 82.02 Gb Free Space | 8.81% Space Free | Partition Type: NTFS

Computer Name: RAMONWORK | User Name: Ramon Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03394E48-C56D-4758-AAC2-CF79ADFEBA90}" = lport=139 | protocol=6 | dir=in | app=system |
"{0DB33884-513E-4DC6-B695-E1B4399C23C0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{148C6D85-66F1-4923-9BA5-483FBA85BE19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{332272D8-684F-43B1-BED1-22EA2EC8C824}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4E511344-5DC4-474B-8414-FE718CD459C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B556860-7787-4684-94E4-CF433F355A45}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{62A61A19-7B27-48A7-BE27-03365EEF1B7D}" = rport=139 | protocol=6 | dir=out | app=system |
"{71FE97AD-1D01-42AA-A321-3C0644D47FAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BD2AD9A-D639-4286-8255-28DDE7007B08}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{9075D37F-B7D3-4313-948C-A0AC44B90968}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{980BC9A8-E0AB-444A-870D-99E9CA7778AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF5E7868-0CA2-4AD2-8D9B-E84720CD24BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{C320FD6E-4C1C-4167-810C-6E2C3205CD36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C6E10ECA-F0C1-4E19-A03D-1C90B1F1A011}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C855FC21-206E-49DB-BB27-C7624352AAED}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CBB59283-120A-43A2-8D3E-CBC5A9BF702F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CEF8F6A8-B4FC-4273-A954-3B8292ABB066}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1FFC7CC-6C23-427C-A597-27B69D7078CC}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D223F49E-A08F-49D7-AD14-6C255C154A98}" = lport=995 | protocol=6 | dir=in | name=at&t |
"{DFD52901-1F55-44C1-86A6-BDB449BA1AAC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EA53E8A9-4A7A-46B1-8822-04773F0A5E8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED9C2BDB-AF50-412E-AB35-B5402A1DF66B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EDB12573-1F08-43A7-AD83-4C236E8A2BED}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{EFB0D114-1D7C-4FA4-9E20-16F19AFBE35D}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA5E59C-B726-4A5E-AE8F-212B089EC308}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050C5B75-F1C9-4D47-9B03-6DE61BD0D90E}" = protocol=1 | dir=in | [email protected],-28543 |
"{2FB52401-36B0-43F5-9691-BA96DAFC6BEA}" = protocol=58 | dir=in | [email protected],-28545 |
"{4F4394BD-4AD3-4652-8229-4B1ECDDBD4C3}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{52818E3A-D600-4DAA-8EA6-4CE3DF874D87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{590F3AAA-FCDA-44D8-A54A-8722CCA01EB9}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{5A843053-3328-48F3-88BF-791E1AB0C6A5}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{78E6427C-FEBD-4840-9CA6-B6E907C954B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{79958DEA-D260-4B35-BBC1-C0434441DF7A}" = protocol=58 | dir=out | [email protected],-28546 |
"{7BC0E5B9-8857-417A-AA93-C541A0005768}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B5A29F6A-3474-47AE-A7A4-CBF3F3751CAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C48DB479-18C4-4DE1-ADF8-F0923722EA42}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D31239B5-E3D9-44B5-BF45-633845104D1C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D501DE46-C1F9-4DCB-B994-0F1366BECDCA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6359CF0-C6D7-44ED-B321-99AB255033FF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{D82643E3-F89B-498E-A2A5-7AE945BD286D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFCA703F-5015-46DB-B486-02863481E80A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F34E7349-D462-4BD6-A33C-241B0F230285}" = protocol=58 | dir=in | [email protected],-148 |
"{FC2E05C3-6D08-41E8-B0AB-33706F0C029A}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{268965B6-AEEB-49EB-A200-F505499B315B}E:\common\driver update\edupdate.exe" = protocol=6 | dir=in | app=e:\common\driver update\edupdate.exe |
"TCP Query User{3604E046-8F20-440C-B2A3-99EFB61108CC}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{3D1453BD-1754-4ECB-859A-814234E2A2FF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{48B3A0DF-246A-4A11-86DF-82D96573AAD6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{538A2E74-98FD-44C7-8CC0-0715B7F823DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{88843751-3D6A-442D-A465-ACB2A04F82D8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8C5BA968-98AD-4430-8928-46AA99E3831C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{06BF80F3-100B-4713-B3F4-6AFC9DC6D01F}E:\common\driver update\edupdate.exe" = protocol=17 | dir=in | app=e:\common\driver update\edupdate.exe |
"UDP Query User{119D63A8-9BC1-45A3-869A-5F3AF93B6025}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2F234103-D35E-4852-84E9-26AFECBA6E3E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{30F73B2C-4038-4698-A800-E7057859B19E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{40778E03-DD26-4201-BA27-4840FDE9250C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{48545727-86FF-4CF0-8795-A3A050A5A9CD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4FA3DE17-B3D4-438E-A339-324E07CB6595}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{27E27302-ACEE-41BE-9500-A3825FF68F08}" = Catalyst Control Center - Branding
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CFC16D1-C831-4CEB-B27D-342E7E2D5603}" = ESET NOD32 Antivirus
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = Net MD Simple Burner
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B10D407C-75F9-4B5C-999F-E6B75AB31CAB}" = AuthenTec Fingerprint Sensor Minimum Install
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C82185E8-C27B-4EF4-2009-1111BC2C2B6D}" = Microsoft MapPoint North America 2009
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.88
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Allok Video Joiner_is1" = Allok Video Joiner 4.4.0208
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Aurora the secret within Patch_is1" = Vista Patch 1.0
"AVerMedia HC80 ExpressCard Hybrid ATSC" = AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.56
"AzadaJust For Fun Games" = AzadaJust For Fun Games
"BFGC" = Big Fish Games: Game Manager
"BigJig_is1" = BigJig version 8.15
"CCleaner" = CCleaner (remove only)
"Christmas Tales - Fellina's Journey" = Christmas Tales - Fellina's Journey
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Artisan 720 Series" = EPSON Artisan 720 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2009" = Family Tree Maker 2009
"FileZilla Client" = FileZilla Client 3.3.3
"Forte Agent" = Forté Agent
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"InstallShield_{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"JigMake_is1" = JigMake version 6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa2" = Picasa 2
"QuickPar" = QuickPar 0.9
"Recuva" = Recuva
"SolSuite_is1" = SolSuite 2009 v9.9
"UHS Reader (Version 6.10)" = UHS Reader (Version 6.10)
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 10:28:36 PM | Computer Name = RamonWork | Source = System Restore | ID = 8193
Description =

Error - 12/3/2011 4:38:09 PM | Computer Name = RamonWork | Source = Application Error | ID = 1000
Description = Faulting application DarkParables_RiseoftheSnowQueen.exe, version
0.0.0.0, time stamp 0x4ed595ad, faulting module DarkParables_RiseoftheSnowQueen.exe,
version 0.0.0.0, time stamp 0x4ed595ad, exception code 0xc0000417, fault offset
0x001c6570, process id 0xb5c, application start time 0x01ccb1f93ba19868.

Error - 12/4/2011 12:10:11 AM | Computer Name = RamonWork | Source = Application Error | ID = 1000
Description = Faulting application MCF8CollectorsEdition.exe, version 1.0.0.0, time
stamp 0x4ecbe3a0, faulting module MCF8CollectorsEdition.exe, version 1.0.0.0, time
stamp 0x4ecbe3a0, exception code 0xc0000005, fault offset 0x001e88ac, process id
0x173c, application start time 0x01ccb23148967b28.

Error - 12/4/2011 1:21:39 AM | Computer Name = RamonWork | Source = Application Error | ID = 1000
Description = Faulting application MCF8CollectorsEdition.exe, version 1.0.0.0, time
stamp 0x4ecbe3a0, faulting module d3d9.dll, version 6.0.6002.18005, time stamp
0x49e03705, exception code 0xc0000005, fault offset 0x00006c3c, process id 0x1194,
application start time 0x01ccb23aa31f9468.

Error - 12/17/2011 7:40:43 PM | Computer Name = RamonWork | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 12/17/2011 7:44:26 PM | Computer Name = RamonWork | Source = VSS | ID = 8194
Description =

Error - 12/17/2011 7:46:21 PM | Computer Name = RamonWork | Source = System Restore | ID = 8193
Description =

Error - 12/17/2011 11:26:46 PM | Computer Name = RamonWork | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19170, time stamp
0x4eb21c98, faulting module mshtml.dll, version 8.0.6001.19170, time stamp 0x4eb23281,
exception code 0xc0000005, fault offset 0x00067978, process id 0x1568, application
start time 0x01ccbd34bfd948e6.

Error - 12/18/2011 8:24:54 PM | Computer Name = RamonWork | Source = Application Error | ID = 1000
Description = Faulting application NatalieBrooksSTH.wrp.exe, version 0.0.0.0, time
stamp 0x48d330b8, faulting module NatalieBrooksSTH.wrp.exe, version 0.0.0.0, time
stamp 0x48d330b8, exception code 0xc0000005, fault offset 0x00118ff8, process id
0xee0, application start time 0x01ccbde4a155ca56.

Error - 12/23/2011 9:36:45 PM | Computer Name = RamonWork | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7000
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7003
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7003
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7003
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7000
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7003
Description =

Error - 12/25/2011 1:34:38 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7003
Description =

Error - 12/25/2011 1:40:48 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7030
Description =

Error - 12/25/2011 1:48:16 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7030
Description =

Error - 12/25/2011 1:52:41 AM | Computer Name = RamonWork | Source = Service Control Manager | ID = 7030
Description =


< End of report >


Thanks, you're my hero working on Christmas Eve and all. Hope I did all this stuff right. Ramon.

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\ProgramData\767567q4p450r328c150r1vcj1k1
C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1

Driver::
sptd
sdupsvc

RootKit::
C:\ProgramData\767567q4p450r328c150r1vcj1k1
C:\Users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Run TDSSKiller again and post the log.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

* Click the radio button for 'Number of events'.
* Type 20 in the 1 to 20 box.
* Then click the Run button.
* Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Uninstall Java™ 6 Update 22 & J2SE Runtime Environment 5.0 Update 8. Get the latest from java.com.


Ron

#5
Raydiaz

    Member

  • Topic Starter
  • Member
  • 11 posts
Ron, after running the CFScript in Combofix, TDSSKiller would not run; got error message "Directory name was invalid". Cleared logs, rebooted, downloaded new TDSSKiller and ran it. Recleared logs and continued with your instructions. Hope that was okay.

Combofix log:

ComboFix 11-12-24.10 - Ramon Work 12/25/2011 12:45:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1947 [GMT -5:00]
Running from: c:\users\Ramon Work\Desktop\ComboFix.exe
Command switches used :: c:\users\Ramon Work\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\767567q4p450r328c150r1vcj1k1"
"c:\users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\767567q4p450r328c150r1vcj1k1
c:\users\Ramon Work\AppData\Local\767567q4p450r328c150r1vcj1k1
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sdupsvc
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 17:55 . 2011-12-25 17:59 -------- d-----w- c:\users\Ramon Work\AppData\Local\temp
2011-12-25 05:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 04:56 . 2011-12-25 04:56 -------- d-----w- C:\_OTL
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Brabl
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\.gstreamer-0.10
2011-12-22 16:47 . 2011-12-22 16:47 -------- d-----w- c:\users\Ramon Work\.gnome2
2011-12-22 16:44 . 2011-12-22 16:47 -------- d-----w- c:\program files\Christmas Tales - Fellina's Journey
2011-12-22 16:36 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F72C6BA6-3E77-4348-BFB1-C16A09CA511D}\mpengine.dll
2011-12-18 16:29 . 2011-12-18 16:29 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\SunwardGames
2011-12-17 23:35 . 2011-12-17 23:35 -------- d-----w- c:\program files\Akella Games
2011-12-14 06:04 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 06:04 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 00:34 . 2011-12-14 00:34 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Odian Games
2011-12-14 00:34 . 2011-12-14 00:34 -------- d-----w- c:\programdata\Odian Games
2011-12-12 06:41 . 2011-12-12 06:41 -------- d-----w- c:\programdata\Big Fish Games
2011-12-10 01:09 . 2011-12-10 01:09 -------- d-----w- c:\program files\Fear for Sale 2- Sunnyvale Story - Collectors Edition
2011-12-02 02:47 . 2011-12-02 02:47 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Blue Tea Games
2011-11-29 05:53 . 2011-11-29 06:12 -------- d-----w- c:\users\Ramon Work\AppData\Local\EMDM
2011-11-29 00:07 . 2011-11-29 00:07 -------- d-----w- c:\program files\Azada
2011-11-27 03:58 . 2011-11-27 03:58 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Vast Studios
2011-11-27 00:12 . 2011-11-27 03:36 -------- d-----w- c:\users\Ramon Work\AppData\Roaming\Hidden Objects XIII
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 02:24 . 2011-11-21 02:25 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-11-17 01:33 . 2011-05-17 15:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-10 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2007-06-13 84784]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-13 68400]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-10-01 106496]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ramon Work^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ramon Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 19:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\firefox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2007-10-24 19:01 2564096 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-01-27 785408]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 FJVBCtrl;FJVBCtrl;c:\program files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys [2007-02-16 12848]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 19:21]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uInternet Settings,ProxyOverride = <local>
IE: Create BigJig puzzle - c:\program files\JigMake\jm.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-12-25 13:04:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 18:04
ComboFix2.txt 2011-12-25 05:56
.
Pre-Run: 106,578,890,752 bytes free
Post-Run: 106,159,603,712 bytes free
.
- - End Of File - - 3C8D7ED1D980D506DE5A58B4F3D35690

TDSSKiller log:

13:32:08.0552 0736 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:32:08.0942 0736 ============================================================
13:32:08.0942 0736 Current date / time: 2011/12/25 13:32:08.0942
13:32:08.0942 0736 SystemInfo:
13:32:08.0942 0736
13:32:08.0942 0736 OS Version: 6.0.6002 ServicePack: 2.0
13:32:08.0942 0736 Product type: Workstation
13:32:08.0942 0736 ComputerName: RAMONWORK
13:32:08.0942 0736 UserName: Ramon Work
13:32:08.0942 0736 Windows directory: C:\Windows
13:32:08.0942 0736 System windows directory: C:\Windows
13:32:08.0942 0736 Processor architecture: Intel x86
13:32:08.0942 0736 Number of processors: 2
13:32:08.0942 0736 Page size: 0x1000
13:32:08.0942 0736 Boot type: Normal boot
13:32:08.0942 0736 ============================================================
13:32:15.0978 0736 Initialize success
13:32:19.0160 2016 ============================================================
13:32:19.0160 2016 Scan started
13:32:19.0160 2016 Mode: Manual;
13:32:19.0160 2016 ============================================================
13:32:32.0467 2016 FBIOSDRV (f64b86a52fb20686954703a6f7a955d5) C:\Windows\system32\drivers\FBIOSDRV.SYS
13:32:32.0467 2016 FBIOSDRV - ok
13:32:32.0701 2016 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:32:32.0716 2016 fdc - ok
13:32:32.0904 2016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:32:32.0919 2016 FileInfo - ok
13:32:32.0982 2016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:32:32.0997 2016 Filetrace - ok
13:32:33.0060 2016 FJVBCtrl (d3b9f07231eb21634ca4debd6af6da4c) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys
13:32:33.0060 2016 FJVBCtrl - ok
13:32:33.0216 2016 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:33.0216 2016 flpydisk - ok
13:32:33.0325 2016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:32:33.0340 2016 FltMgr - ok
13:32:33.0465 2016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:32:33.0465 2016 Fs_Rec - ok
13:32:33.0668 2016 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\Windows\system32\DRIVERS\FUJ02B1.sys
13:32:33.0668 2016 FUJ02B1 - ok
13:32:33.0715 2016 FUJ02E3 (d45474a7e5e2f35150c29a3193747884) C:\Windows\system32\DRIVERS\FUJ02E3.sys
13:32:33.0715 2016 FUJ02E3 - ok
13:32:33.0762 2016 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:32:33.0777 2016 gagp30kx - ok
13:32:34.0105 2016 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:32:34.0120 2016 HdAudAddService - ok
13:32:34.0198 2016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:32:34.0230 2016 HDAudBus - ok
13:32:34.0495 2016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:32:34.0495 2016 HidBth - ok
13:32:34.0542 2016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:32:34.0542 2016 HidIr - ok
13:32:34.0744 2016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:32:34.0744 2016 HidUsb - ok
13:32:34.0854 2016 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:32:34.0869 2016 HpCISSs - ok
13:32:35.0103 2016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:32:35.0119 2016 HTTP - ok
13:32:35.0244 2016 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:32:35.0244 2016 i2omp - ok
13:32:35.0306 2016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:32:35.0322 2016 i8042prt - ok
13:32:35.0587 2016 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:32:35.0665 2016 ialm - ok
13:32:35.0946 2016 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
13:32:35.0946 2016 iaStor - ok
13:32:36.0242 2016 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:32:36.0242 2016 iaStorV - ok
13:32:36.0398 2016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:32:36.0429 2016 iirsp - ok
13:32:36.0804 2016 IntcAzAudAddService (efad2bc74d06c5f53fa64b6dd6dbb459) C:\Windows\system32\drivers\RTKVHDA.sys
13:32:36.0819 2016 IntcAzAudAddService - ok
13:32:37.0131 2016 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:32:37.0131 2016 intelide - ok
13:32:37.0256 2016 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:32:37.0256 2016 intelppm - ok
13:32:37.0568 2016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:37.0599 2016 IpFilterDriver - ok
13:32:37.0615 2016 IpInIp - ok
13:32:37.0724 2016 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:32:37.0740 2016 IPMIDRV - ok
13:32:38.0052 2016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:32:38.0067 2016 IPNAT - ok
13:32:38.0130 2016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:32:38.0145 2016 IRENUM - ok
13:32:38.0348 2016 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
13:32:38.0364 2016 isapnp - ok
13:32:38.0551 2016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:32:38.0551 2016 iScsiPrt - ok
13:32:38.0910 2016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:32:38.0941 2016 iteatapi - ok
13:32:38.0972 2016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:32:38.0972 2016 iteraid - ok
13:32:39.0019 2016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:39.0019 2016 kbdclass - ok
13:32:39.0066 2016 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:39.0081 2016 kbdhid - ok
13:32:39.0331 2016 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:32:39.0331 2016 KMWDFILTER - ok
13:32:39.0409 2016 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:32:39.0409 2016 KSecDD - ok
13:32:39.0518 2016 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
13:32:39.0518 2016 lirsgt - ok
13:32:39.0690 2016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:32:39.0705 2016 lltdio - ok
13:32:39.0830 2016 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:32:39.0830 2016 LSI_FC - ok
13:32:39.0877 2016 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:32:39.0877 2016 LSI_SAS - ok
13:32:40.0017 2016 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:32:40.0033 2016 LSI_SCSI - ok
13:32:40.0298 2016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:32:40.0298 2016 luafv - ok
13:32:40.0376 2016 MBAMSwissArmy - ok
13:32:40.0532 2016 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:32:40.0532 2016 megasas - ok
13:32:40.0641 2016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:32:40.0641 2016 Modem - ok
13:32:40.0828 2016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:32:40.0828 2016 monitor - ok
13:32:41.0062 2016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:32:41.0062 2016 mouclass - ok
13:32:41.0265 2016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:32:41.0281 2016 mouhid - ok
13:32:41.0390 2016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:32:41.0390 2016 MountMgr - ok
13:32:41.0484 2016 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:32:41.0499 2016 mpio - ok
13:32:41.0577 2016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:32:41.0593 2016 mpsdrv - ok
13:32:41.0671 2016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:32:41.0671 2016 Mraid35x - ok
13:32:41.0764 2016 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:32:41.0780 2016 MREMP50 - ok
13:32:41.0780 2016 MREMPR5 - ok
13:32:41.0796 2016 MRENDIS5 - ok
13:32:41.0827 2016 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:32:41.0827 2016 MRESP50 - ok
13:32:41.0936 2016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:32:41.0936 2016 MRxDAV - ok
13:32:42.0108 2016 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:42.0108 2016 mrxsmb - ok
13:32:42.0310 2016 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:42.0326 2016 mrxsmb10 - ok
13:32:42.0529 2016 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:42.0544 2016 mrxsmb20 - ok
13:32:42.0700 2016 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:32:42.0716 2016 msahci - ok
13:32:42.0825 2016 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:32:42.0856 2016 msdsm - ok
13:32:42.0966 2016 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
13:32:42.0966 2016 MSDV - ok
13:32:43.0044 2016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:32:43.0075 2016 Msfs - ok
13:32:43.0137 2016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:32:43.0137 2016 msisadrv - ok
13:32:43.0309 2016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:32:43.0324 2016 MSKSSRV - ok
13:32:43.0418 2016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:43.0449 2016 MSPCLOCK - ok
13:32:43.0605 2016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:32:43.0605 2016 MSPQM - ok
13:32:43.0683 2016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:32:43.0683 2016 MsRPC - ok
13:32:43.0761 2016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:32:43.0761 2016 mssmbios - ok
13:32:44.0011 2016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:32:44.0026 2016 MSTEE - ok
13:32:44.0089 2016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:32:44.0104 2016 Mup - ok
13:32:44.0245 2016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:32:44.0260 2016 NativeWifiP - ok
13:32:44.0463 2016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:32:44.0510 2016 NDIS - ok
13:32:44.0853 2016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:44.0884 2016 NdisTapi - ok
13:32:45.0274 2016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:45.0290 2016 Ndisuio - ok
13:32:45.0384 2016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:45.0384 2016 NdisWan - ok
13:32:45.0774 2016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:32:45.0774 2016 NDProxy - ok
13:32:45.0820 2016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:32:45.0820 2016 NetBIOS - ok
13:32:46.0023 2016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:32:46.0054 2016 netbt - ok
13:32:46.0288 2016 NETMDUSB (986acdece933131288f1957dc359865f) C:\Windows\system32\Drivers\NETMDUSB.sys
13:32:46.0320 2016 NETMDUSB - ok
13:32:46.0413 2016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:32:46.0429 2016 nfrd960 - ok
13:32:46.0554 2016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:32:46.0554 2016 Npfs - ok
13:32:47.0068 2016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:32:47.0115 2016 nsiproxy - ok
13:32:47.0380 2016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:32:47.0427 2016 Ntfs - ok
13:32:47.0490 2016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:32:47.0536 2016 ntrigdigi - ok
13:32:47.0599 2016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:32:47.0599 2016 Null - ok
13:32:48.0036 2016 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:32:48.0067 2016 nvraid - ok
13:32:48.0129 2016 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:32:48.0160 2016 nvstor - ok
13:32:48.0348 2016 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
13:32:48.0379 2016 nv_agp - ok
13:32:48.0441 2016 NwlnkFlt - ok
13:32:48.0550 2016 NwlnkFwd - ok
13:32:48.0940 2016 O2MDRDR (f4aa04f7ba01d54b31f14841386cc60b) C:\Windows\system32\DRIVERS\o2media.sys
13:32:48.0940 2016 O2MDRDR - ok
13:32:49.0455 2016 O2SDRDR (06b541d57b9b8ea2f0ebebcaebc90718) C:\Windows\system32\DRIVERS\o2sd.sys
13:32:49.0455 2016 O2SDRDR - ok
13:32:49.0814 2016 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:32:49.0814 2016 ohci1394 - ok
13:32:50.0126 2016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:32:50.0173 2016 Parport - ok
13:32:50.0485 2016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:32:50.0485 2016 partmgr - ok
13:32:50.0547 2016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:32:50.0594 2016 Parvdm - ok
13:32:50.0859 2016 PCASp50 - ok
13:32:51.0280 2016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:32:51.0327 2016 pci - ok
13:32:51.0514 2016 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
13:32:51.0546 2016 pciide - ok
13:32:51.0811 2016 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:51.0858 2016 pcmcia - ok
13:32:52.0466 2016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:32:52.0497 2016 PEAUTH - ok
13:32:53.0152 2016 Point32 (e56e57cfb75b1ee2bb001ad036c27fbb) C:\Windows\system32\DRIVERS\point32k.sys
13:32:53.0152 2016 Point32 - ok
13:32:53.0496 2016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:32:53.0496 2016 PptpMiniport - ok
13:32:53.0605 2016 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:32:53.0636 2016 Processor - ok
13:32:54.0135 2016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:32:54.0182 2016 PSched - ok
13:32:54.0556 2016 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
13:32:54.0556 2016 PxHelp20 - ok
13:32:54.0837 2016 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:32:54.0884 2016 ql2300 - ok
13:32:55.0336 2016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:32:55.0368 2016 ql40xx - ok
13:32:55.0586 2016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:32:55.0586 2016 QWAVEdrv - ok
13:32:56.0101 2016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:32:56.0132 2016 RasAcd - ok
13:32:56.0818 2016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:56.0881 2016 Rasl2tp - ok
13:32:57.0442 2016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:57.0520 2016 RasPppoe - ok
13:32:57.0957 2016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:32:57.0988 2016 RasSstp - ok
13:32:58.0550 2016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:32:58.0550 2016 rdbss - ok
13:32:59.0112 2016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:59.0143 2016 RDPCDD - ok
13:32:59.0611 2016 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
13:32:59.0611 2016 rdpdr - ok
13:32:59.0829 2016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:32:59.0876 2016 RDPENCDD - ok
13:33:00.0516 2016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:33:00.0547 2016 RDPWD - ok
13:33:01.0015 2016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:01.0015 2016 rspndr - ok
13:33:01.0093 2016 RTHDMIAzAudService (9bb3b278b082acd7dad7b6f4fa442e30) C:\Windows\system32\drivers\RtHDMIV.sys
13:33:01.0093 2016 RTHDMIAzAudService - ok
13:33:01.0623 2016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:33:01.0623 2016 sbp2port - ok
13:33:01.0717 2016 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
13:33:01.0717 2016 sdbus - ok
13:33:02.0107 2016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:33:02.0122 2016 secdrv - ok
13:33:02.0372 2016 ser2plms (227df2e68510d25462ee80136722374e) C:\Windows\system32\DRIVERS\ser2plms.sys
13:33:02.0388 2016 ser2plms - ok
13:33:02.0575 2016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:33:02.0590 2016 Serenum - ok
13:33:02.0856 2016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:33:02.0871 2016 Serial - ok
13:33:03.0058 2016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:33:03.0074 2016 sermouse - ok
13:33:03.0464 2016 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
13:33:03.0480 2016 sffdisk - ok
13:33:03.0714 2016 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:03.0745 2016 sffp_mmc - ok
13:33:04.0182 2016 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
13:33:04.0197 2016 sffp_sd - ok
13:33:04.0322 2016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:33:04.0338 2016 sfloppy - ok
13:33:04.0634 2016 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
13:33:04.0681 2016 sisagp - ok
13:33:04.0774 2016 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:33:04.0790 2016 SiSRaid2 - ok
13:33:04.0899 2016 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:33:04.0899 2016 SiSRaid4 - ok
13:33:05.0258 2016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:33:05.0274 2016 Smb - ok
13:33:05.0601 2016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:33:05.0601 2016 spldr - ok
13:33:05.0726 2016 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:33:05.0804 2016 srv - ok
13:33:06.0038 2016 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:33:06.0054 2016 srv2 - ok
13:33:06.0490 2016 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:06.0600 2016 srvnet - ok
13:33:07.0286 2016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:33:07.0286 2016 swenum - ok
13:33:07.0770 2016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:33:07.0832 2016 Symc8xx - ok
13:33:08.0284 2016 SymIM - ok
13:33:08.0784 2016 SymIMMP - ok
13:33:09.0205 2016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:33:09.0252 2016 Sym_hi - ok
13:33:09.0392 2016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:33:09.0408 2016 Sym_u3 - ok
13:33:09.0798 2016 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:33:09.0860 2016 Tcpip - ok
13:33:10.0281 2016 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:10.0297 2016 Tcpip6 - ok
13:33:10.0609 2016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:33:10.0624 2016 tcpipreg - ok
13:33:10.0718 2016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:33:10.0718 2016 TDPIPE - ok
13:33:11.0217 2016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:33:11.0217 2016 TDTCP - ok
13:33:11.0420 2016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:33:11.0420 2016 tdx - ok
13:33:11.0638 2016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:33:11.0638 2016 TermDD - ok
13:33:11.0841 2016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:11.0841 2016 tssecsrv - ok
13:33:11.0919 2016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:33:11.0919 2016 tunmp - ok
13:33:12.0122 2016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:12.0138 2016 tunnel - ok
13:33:12.0465 2016 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:33:12.0496 2016 uagp35 - ok
13:33:12.0730 2016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:33:12.0730 2016 udfs - ok
13:33:12.0949 2016 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
13:33:12.0949 2016 uliagpkx - ok
13:33:13.0089 2016 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:33:13.0136 2016 uliahci - ok
13:33:13.0308 2016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:33:13.0339 2016 UlSata - ok
13:33:13.0432 2016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:33:13.0448 2016 ulsata2 - ok
13:33:13.0557 2016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:33:13.0573 2016 umbus - ok
13:33:13.0822 2016 USBAVCap (9e6c473201bed79ad8e04ba13e3463f4) C:\Windows\system32\drivers\USBAVCap.sys
13:33:13.0869 2016 USBAVCap - ok
13:33:14.0197 2016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:14.0228 2016 usbccgp - ok
13:33:14.0400 2016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:33:14.0400 2016 usbcir - ok
13:33:14.0634 2016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:14.0649 2016 usbehci - ok
13:33:14.0821 2016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:14.0821 2016 usbhub - ok
13:33:15.0086 2016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:33:15.0102 2016 usbohci - ok
13:33:15.0195 2016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:15.0211 2016 usbprint - ok
13:33:15.0460 2016 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:33:15.0476 2016 usbscan - ok
13:33:15.0585 2016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:15.0585 2016 USBSTOR - ok
13:33:15.0819 2016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:15.0835 2016 usbuhci - ok
13:33:15.0991 2016 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:16.0006 2016 vga - ok
13:33:16.0100 2016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:33:16.0116 2016 VgaSave - ok
13:33:16.0225 2016 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
13:33:16.0240 2016 viaagp - ok
13:33:16.0396 2016 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:33:16.0412 2016 ViaC7 - ok
13:33:16.0677 2016 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:33:16.0677 2016 viaide - ok
13:33:16.0833 2016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:33:16.0849 2016 volmgr - ok
13:33:17.0176 2016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:33:17.0208 2016 volmgrx - ok
13:33:17.0379 2016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:33:17.0395 2016 volsnap - ok
13:33:17.0473 2016 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:33:17.0473 2016 vsmraid - ok
13:33:17.0644 2016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:33:17.0660 2016 WacomPen - ok
13:33:17.0832 2016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:17.0832 2016 Wanarp - ok
13:33:17.0863 2016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:17.0863 2016 Wanarpv6 - ok
13:33:17.0925 2016 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:33:17.0925 2016 Wd - ok
13:33:18.0050 2016 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
13:33:18.0050 2016 WDC_SAM - ok
13:33:18.0362 2016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:33:18.0409 2016 Wdf01000 - ok
13:33:18.0627 2016 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:33:18.0643 2016 WmiAcpi - ok
13:33:18.0736 2016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:18.0768 2016 ws2ifsl - ok
13:33:18.0861 2016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:18.0892 2016 WUDFRd - ok
13:33:19.0173 2016 yukonwlh (f081ed0b8bd09d7f50ac9a30bbbb06bc) C:\Windows\system32\DRIVERS\yk60x86.sys
13:33:19.0189 2016 yukonwlh - ok
13:33:19.0204 2016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:33:19.0282 2016 \Device\Harddisk0\DR0 - ok
13:33:19.0282 2016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
13:33:19.0282 2016 \Device\Harddisk1\DR1 - ok
13:33:24.0446 2016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
13:33:24.0446 2016 \Device\Harddisk2\DR2 - ok
13:33:24.0462 2016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3
13:33:24.0462 2016 \Device\Harddisk3\DR3 - ok
13:33:24.0493 2016 Boot (0x1200) (0053c7cd951aa55055bb85362ef2825f) \Device\Harddisk0\DR0\Partition0
13:33:24.0524 2016 \Device\Harddisk0\DR0\Partition0 - ok
13:33:24.0524 2016 Boot (0x1200) (17efbe126a0d73ffa1d400721bc2935b) \Device\Harddisk1\DR1\Partition0
13:33:24.0524 2016 \Device\Harddisk1\DR1\Partition0 - ok
13:33:24.0540 2016 Boot (0x1200) (f180a011dfbe1a58f59665d44e22738a) \Device\Harddisk2\DR2\Partition0
13:33:24.0540 2016 \Device\Harddisk2\DR2\Partition0 - ok
13:33:24.0540 2016 Boot (0x1200) (73a505f96d98c14b488a8e860b74ca50) \Device\Harddisk3\DR3\Partition0
13:33:24.0540 2016 \Device\Harddisk3\DR3\Partition0 - ok
13:33:24.0540 2016 ============================================================
13:33:24.0540 2016 Scan finished
13:33:24.0540 2016 ============================================================
13:33:24.0555 3324 Detected object count: 0
13:33:24.0555 3324 Actual detected object count: 0
13:36:28.0791 2396 Deinitialize success

VEW System log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2011 1:58:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The epfwwfpr service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The epfwwfpr service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 25/12/2011 6:39:48 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 25/12/2011 6:39:22 PM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer EPSON Artisan 720 Series with shared resource name EPSON Artisan 720 Series. Error 2114. The printer cannot be used by others on the network.

Log: 'System' Date/Time: 25/12/2011 6:39:22 PM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 6:37:30 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW Application log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2011 2:19:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Again thank you, Ramon.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What you did was fine. Your malware scans look clean but there was some damage to the Registry. The BFE service (Base Filtering Engine) has been removed so we need to try and get it back.

Follow the instructions on Post #13 here.
http://www.geekstogo...ost__p__2090351

When you run sc query bfe it should say:

SERVICE_NAME: bfe
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING                                                    <==Does it say Running or Stopped?
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0



If it says Stopped then:

Then Open up the Services window (Start, right click on Computer and select Manage then Services and Applications then Services) and find the IPsec Policy Agent. Right click on it and select Properties then click on the LogOn Tab. It should show that it logs on with Network Service. Does it?

Look at the same thing in BFE. It should say it logs on in Local Service.

Continue for the other services that depend on BFE

IKE and AuthIP IPsec Keying Modules Local Service (just checked, no password given)

Internet Connection Sharing (ICS) Local Service (just checked, no password given)

Routing and Remote Access Local Service (just checked, no password given)

Windows Firewall Local Service with password <==This one is typically not there at all. If that is the case then:

Follow the instructions on Post #34 on http://www.geekstogo...ost__p__2098894
  • 0

#7
Raydiaz

Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ron, followed instructions for post #13 as directed (thrice). Running cmd prompt net start bfe gives return of "The service name is invalid". Running sc query bfe returns "The specified service does not exist as an installed service". In services window IPsec exists but there is no BFE listed.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
That's what I get for being lazy. I pointed you to a 64 bit fix when you have 32 bit.

Attached are two zip files. The bfe32.zip should be downloaded, saved, right click and Extract All. Then right click on bfe.reg and Merge. Do you get an error?

To see if it took:

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin. Right click and Paste or Edit then Paste and the line should appear. Hit Enter. You should get:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1001
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServ
iceNoNetwork
    Description    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcSs
    ServiceSidType    REG_DWORD    0x3
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters


If you don't then we need to take ownership of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services key and give Administrators Full Control:

http://www.askvg.com...key-in-windows/

The other attachment is for the Windows Firewall service if it is missing too. Do the same thing you did to bfe32.reg.
  • 0

#9
Raydiaz

Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Results look like quote above as near as I can tell with all the zeros. Went back and did the sc query; shows bfe as stopped. In management bfe shows as This account "Local Service", IKE and others have Local System bullet checked. Is that correct?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Windows Firewall should have Local Service with password

Is it even there?

Is Base Filtering Engine in the service window?

If so and you right click on it and select Properties does it say Startup Type: Automatic? If you try to start it does it say access denied?
  • 0


#11
Raydiaz

Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry I didn't say, Windows Firewall is there with password. BFE is set for Automatic but attempting to Start gives me an "Error 5 access denied" message. I thought I had ownership of everything but I don't know how to tell.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
BFE is an odd service. Sometimes the Access Denied comes because it can't talk to other services. That's why we always check that the dependent services are correct. Supposedly it could be any service causing the problem which seems to be a stupid way for them to write this software.

I did find one more place that BFE lives in the registry. Do the usual with the attached safebfe.zip file. Near as I can tell it is just for Safe Mode but it won't hurt to install it. You never know with the registry.

If that doesn't help:
We could try setting the permissions to default. Sometimes that helps.

Download, Save and Install SubInACL from http://www.microsoft...ang=en&id=23510

Allow it to install in the default location.

Then Download the attached reset2.zip file and right click and Extract All then right click on reset2.cmd and Run As Admin. It may take an hour or so to finish.
  • 0

#13
Raydiaz

Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
How to know when reset2 is finished?
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right click on the clock and select Task Manager then look under applications to see if reset2.cmd is running. Also look under Processes for subinacl. I would think if you don't see either file then it should be done. Can't say I've ever run it myself.
  • 0

#15
Raydiaz

Raydiaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Okay both done, what's next? Or should I say goodnight and give you a well deserved break?
  • 0





