My hijack log



#1
gmcube

Or rather, my sister's. It's a laptop running Windows 7. I'm not that familiar with it or what symptoms it's been having other than antivirus pop-ups, but it got to the point where the only browser it would run was Internet Explorer, and even then it wouldn't load anything. We think it was a site she visited through StumbleUpon. I ran a hijacker log through an analyzer and it helped a little, enough to get some kind of internet connection through Chrome and get the Task Manager and msconfig working again, but another scan shows they aren't close to being gone. Firefox loads, but still doesn't display a page.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:49:17 AM, on 12/26/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2518870-x64.exe
C:\Users\Lauren\Desktop\HijackThis.exe
c:\26539854bdff8f9112474954275b27\Setup.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files (x86)\ChameleonTom\wit4ie.dll
O2 - BHO: chameleontom - {85bc4be9-3d5a-f867-ef08-5e8927739c25} - C:\Windows\SysWow64\-xWEDF.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Easy Dock] C:\Users\Lauren\Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: RCA Detective.lnk = C:\Users\Lauren\Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\ChameleonTom\ct.htm
O9 - Extra 'Tools' menuitem: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\ChameleonTom\ct.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files (x86)\Crawler\SSaver\CSSaver.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16512 bytes



Any help would be great.

Edited by gmcube, 26 December 2011 - 01:04 AM.



#2
RKinner


    Malware Expert

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#3
gmcube

OK, I think this is everything; let me know if I'm missing anything, because I may have left out a scan or two.

ComboFix 11-12-25.03 - Lauren 12/26/2011 4:26.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1615 [GMT -5:00]
Running from: c:\users\Lauren\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\3DC7\1C9C.tmp
c:\program files (x86)\LP\3DC7\4B9.tmp
c:\program files (x86)\LP\3DC7\599D.tmp
c:\program files (x86)\LP\3DC7\5EB6.tmp
c:\program files (x86)\LP\3DC7\5FC1.tmp
c:\program files (x86)\LP\3DC7\6DD9.tmp
c:\program files (x86)\LP\3DC7\9BE8.tmp
c:\program files (x86)\LP\3DC7\AAE9.tmp
c:\program files (x86)\LP\3DC7\E01A.tmp
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\basis.xml
c:\program files (x86)\Search Toolbar\bg.bmp
c:\program files (x86)\Search Toolbar\bing_logo.png
c:\program files (x86)\Search Toolbar\celebrity.png
c:\program files (x86)\Search Toolbar\drop_images.png
c:\program files (x86)\Search Toolbar\drop_maps.png
c:\program files (x86)\Search Toolbar\drop_news.png
c:\program files (x86)\Search Toolbar\drop_videos.png
c:\program files (x86)\Search Toolbar\drop_web.png
c:\program files (x86)\Search Toolbar\facebook.png
c:\program files (x86)\Search Toolbar\favicon.png
c:\program files (x86)\Search Toolbar\games.png
c:\program files (x86)\Search Toolbar\hotmail.png
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\images.png
c:\program files (x86)\Search Toolbar\include.xml
c:\program files (x86)\Search Toolbar\info.txt
c:\program files (x86)\Search Toolbar\lifestyle.png
c:\program files (x86)\Search Toolbar\maps.png
c:\program files (x86)\Search Toolbar\messenger.png
c:\program files (x86)\Search Toolbar\msn.png
c:\program files (x86)\Search Toolbar\news.png
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\tbcore3.dll
c:\program files (x86)\Search Toolbar\tbhelper.dll
c:\program files (x86)\Search Toolbar\twitter.png
c:\program files (x86)\Search Toolbar\uninstall.exe
c:\program files (x86)\Search Toolbar\update.exe
c:\program files (x86)\Search Toolbar\version.txt
c:\program files (x86)\Search Toolbar\video.png
c:\program files (x86)\Search Toolbar\videos.png
c:\program files (x86)\Search Toolbar\weather.png
c:\program files (x86)\Search Toolbar\web.png
c:\windows\system32\java.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 08:34 . 2011-12-26 08:34 -------- d-----w- c:\users\Lauren\AppData\Roaming\HPAppData
2011-12-22 21:57 . 2011-12-23 19:53 -------- d-----w- c:\users\Sissy\AppData\Roaming\784F6
2011-12-20 06:02 . 2011-12-23 20:01 -------- d-----w- c:\program files (x86)\F6453
2011-12-20 06:02 . 2011-12-23 20:01 -------- d-----w- c:\users\Lauren\AppData\Roaming\784F6
2011-12-14 05:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 05:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 00:25 . 2011-12-15 19:01 -------- d-----w- C:\90cbf9cd9ab13bebf9
2011-12-11 00:11 . 2011-12-11 00:11 -------- d-----w- C:\e573631b325b67afbb97d93a4f95
2011-12-09 07:16 . 2010-12-21 05:55 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-12-09 07:16 . 2010-12-21 05:55 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-12-09 07:16 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-12-09 07:16 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-12-09 07:16 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-12-09 07:16 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-12-09 07:16 . 2010-12-21 05:55 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-12-09 07:15 . 2011-12-09 07:26 -------- d-----w- c:\programdata\Samsung
2011-12-09 07:15 . 2011-12-09 07:16 -------- d-----w- c:\program files (x86)\Samsung
2011-12-09 07:14 . 2011-12-09 07:14 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-12-09 07:14 . 2011-12-09 07:14 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2011-12-09 07:14 . 2011-12-09 07:14 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2011-12-09 07:14 . 2011-12-09 07:14 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2011-12-09 07:14 . 2011-12-09 07:14 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2011-12-09 07:14 . 2011-12-09 07:14 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2011-12-09 07:14 . 2011-12-09 07:14 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2011-12-09 07:14 . 2011-12-09 07:14 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2011-12-09 07:14 . 2011-12-09 07:14 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
2011-12-03 23:32 . 2011-12-03 23:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-03 23:30 . 2011-12-03 23:30 -------- d-----w- c:\windows\system32\Macromed
2011-12-03 23:30 . 2011-12-03 23:30 -------- d-----w- c:\programdata\McAfee
2011-11-30 02:48 . 2011-11-30 04:06 -------- d-----w- C:\34dbc09962a5902b12e183b5de
2011-11-30 02:25 . 2011-11-30 02:25 -------- d-----w- c:\windows\system32\SPReview
2011-11-30 02:23 . 2011-11-30 02:23 -------- d-----w- c:\windows\system32\EventProviders
2011-11-28 01:37 . 2011-11-29 18:15 -------- d-----w- C:\7f1b41ba1b9ff5e8196d1bc7510f23bd
2011-11-28 01:26 . 2011-11-28 01:26 -------- d-----w- C:\3722b235154e0c8c6f1c9eb9483372bb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 02:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-30 02:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-29 16:29 . 2011-11-09 22:07 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-06-22 02:46 1544192 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-22 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
.
c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\Lauren\Documents\RCA Detective\RCADetective.exe [2010-6-23 804352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 15:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-859783317-3874007999-862408240-1000Core.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 01:28]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-859783317-3874007999-862408240-1000UA.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 01:28]
.
2011-12-26 c:\windows\Tasks\HPCeeScheduleForLauren.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\ma5zclyy.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll
Wow6432Node-HKLM-Run-Easy Dock - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-_J19_1296 - c:\windows\system32\_J19_1296.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-12-26 05:15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 10:15
.
Pre-Run: 180,556,390,400 bytes free
Post-Run: 180,073,308,160 bytes free
.
- - End Of File - - AA012C1F6A77929CCDE5A8F9B3363E29



16:13:55.0281 4116 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:13:55.0515 4116 ============================================================
16:13:55.0515 4116 Current date / time: 2011/12/26 16:13:55.0515
16:13:55.0515 4116 SystemInfo:
16:13:55.0515 4116
16:13:55.0515 4116 OS Version: 6.1.7601 ServicePack: 1.0
16:13:55.0515 4116 Product type: Workstation
16:13:55.0515 4116 ComputerName: LAUREN-PC
16:13:55.0515 4116 UserName: Lauren
16:13:55.0515 4116 Windows directory: C:\Windows
16:13:55.0515 4116 System windows directory: C:\Windows
16:13:55.0515 4116 Running under WOW64
16:13:55.0515 4116 Processor architecture: Intel x64
16:13:55.0515 4116 Number of processors: 1
16:13:55.0515 4116 Page size: 0x1000
16:13:55.0515 4116 Boot type: Normal boot
16:13:55.0515 4116 ============================================================
16:13:56.0732 4116 Initialize success
16:16:02.0733 3840 ============================================================
16:16:02.0733 3840 Scan started
16:16:02.0733 3840 Mode: Manual;
16:16:02.0733 3840 ============================================================
16:16:23.0498 3840 nvraid - ok
16:16:23.0545 3840 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:16:23.0560 3840 nvstor - ok
16:16:23.0623 3840 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:16:23.0623 3840 nv_agp - ok
16:16:23.0701 3840 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:16:23.0701 3840 ohci1394 - ok
16:16:23.0872 3840 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:16:23.0872 3840 Parport - ok
16:16:23.0919 3840 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:16:23.0919 3840 partmgr - ok
16:16:23.0997 3840 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:16:23.0997 3840 pci - ok
16:16:24.0044 3840 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:16:24.0044 3840 pciide - ok
16:16:24.0137 3840 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:16:24.0137 3840 pcmcia - ok
16:16:24.0247 3840 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:16:24.0262 3840 pcw - ok
16:16:24.0356 3840 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:16:24.0418 3840 PEAUTH - ok
16:16:24.0590 3840 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:16:24.0590 3840 PptpMiniport - ok
16:16:24.0637 3840 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:16:24.0637 3840 Processor - ok
16:16:24.0699 3840 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:16:24.0699 3840 Psched - ok
16:16:24.0777 3840 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:16:24.0808 3840 ql2300 - ok
16:16:24.0839 3840 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:16:24.0839 3840 ql40xx - ok
16:16:24.0886 3840 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:16:24.0902 3840 QWAVEdrv - ok
16:16:24.0917 3840 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:16:24.0949 3840 RasAcd - ok
16:16:25.0011 3840 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:16:25.0011 3840 RasAgileVpn - ok
16:16:25.0073 3840 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:16:25.0073 3840 Rasl2tp - ok
16:16:25.0151 3840 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:16:25.0167 3840 RasPppoe - ok
16:16:25.0276 3840 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:16:25.0276 3840 RasSstp - ok
16:16:25.0323 3840 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:16:25.0339 3840 rdbss - ok
16:16:25.0370 3840 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:16:25.0385 3840 rdpbus - ok
16:16:25.0432 3840 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:16:25.0448 3840 RDPCDD - ok
16:16:25.0510 3840 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:16:25.0510 3840 RDPENCDD - ok
16:16:25.0557 3840 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:16:25.0557 3840 RDPREFMP - ok
16:16:25.0651 3840 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:16:25.0651 3840 RDPWD - ok
16:16:25.0744 3840 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:16:25.0760 3840 rdyboost - ok
16:16:25.0869 3840 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:16:25.0869 3840 rspndr - ok
16:16:25.0931 3840 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
16:16:25.0931 3840 RSUSBSTOR - ok
16:16:25.0994 3840 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:16:26.0025 3840 RTL8167 - ok
16:16:26.0134 3840 RtsUIR - ok
16:16:26.0197 3840 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:16:26.0197 3840 sbp2port - ok
16:16:26.0259 3840 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:16:26.0259 3840 scfilter - ok
16:16:26.0353 3840 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:16:26.0353 3840 sdbus - ok
16:16:26.0446 3840 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:16:26.0462 3840 secdrv - ok
16:16:26.0555 3840 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:16:26.0555 3840 Serenum - ok
16:16:26.0602 3840 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:16:26.0602 3840 Serial - ok
16:16:26.0649 3840 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:16:26.0665 3840 sermouse - ok
16:16:26.0727 3840 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:16:26.0727 3840 sffdisk - ok
16:16:26.0758 3840 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:16:26.0758 3840 sffp_mmc - ok
16:16:26.0774 3840 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:16:26.0774 3840 sffp_sd - ok
16:16:26.0821 3840 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:16:26.0836 3840 sfloppy - ok
16:16:26.0899 3840 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:16:26.0899 3840 SiSRaid2 - ok
16:16:26.0945 3840 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:16:26.0945 3840 SiSRaid4 - ok
16:16:26.0992 3840 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:16:27.0008 3840 Smb - ok
16:16:27.0117 3840 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:16:27.0148 3840 spldr - ok
16:16:27.0226 3840 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:16:27.0273 3840 srv - ok
16:16:27.0367 3840 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:16:27.0382 3840 srv2 - ok
16:16:27.0460 3840 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:16:27.0476 3840 SrvHsfHDA - ok
16:16:27.0523 3840 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:16:27.0569 3840 SrvHsfV92 - ok
16:16:27.0601 3840 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:16:27.0616 3840 SrvHsfWinac - ok
16:16:27.0679 3840 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:16:27.0679 3840 srvnet - ok
16:16:27.0741 3840 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
16:16:27.0757 3840 ssadbus - ok
16:16:27.0835 3840 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:16:27.0835 3840 ssadmdfl - ok
16:16:27.0850 3840 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
16:16:27.0866 3840 ssadmdm - ok
16:16:27.0928 3840 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
16:16:27.0928 3840 sscdbus - ok
16:16:28.0006 3840 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:16:28.0006 3840 sscdmdfl - ok
16:16:28.0069 3840 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
16:16:28.0069 3840 sscdmdm - ok
16:16:28.0147 3840 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:16:28.0147 3840 stexstor - ok
16:16:28.0209 3840 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:16:28.0225 3840 swenum - ok
16:16:28.0287 3840 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
16:16:28.0303 3840 SynTP - ok
16:16:28.0412 3840 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:16:28.0459 3840 Tcpip - ok
16:16:28.0537 3840 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:16:28.0552 3840 TCPIP6 - ok
16:16:28.0661 3840 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:16:28.0677 3840 tcpipreg - ok
16:16:28.0739 3840 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:16:28.0755 3840 TDPIPE - ok
16:16:28.0771 3840 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:16:28.0786 3840 TDTCP - ok
16:16:28.0849 3840 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:16:28.0849 3840 tdx - ok
16:16:28.0895 3840 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:16:28.0895 3840 TermDD - ok
16:16:28.0989 3840 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:16:28.0989 3840 tssecsrv - ok
16:16:29.0051 3840 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:16:29.0051 3840 TsUsbFlt - ok
16:16:29.0192 3840 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:16:29.0207 3840 tunnel - ok
16:16:29.0254 3840 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:16:29.0254 3840 uagp35 - ok
16:16:29.0301 3840 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:16:29.0317 3840 udfs - ok
16:16:29.0395 3840 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:16:29.0410 3840 uliagpkx - ok
16:16:29.0504 3840 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:16:29.0504 3840 umbus - ok
16:16:29.0551 3840 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:16:29.0566 3840 UmPass - ok
16:16:29.0691 3840 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:16:29.0691 3840 usbaudio - ok
16:16:29.0753 3840 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:16:29.0753 3840 usbccgp - ok
16:16:29.0831 3840 USBCCID - ok
16:16:29.0894 3840 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:16:29.0909 3840 usbcir - ok
16:16:29.0987 3840 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:16:29.0987 3840 usbehci - ok
16:16:30.0034 3840 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:16:30.0034 3840 usbhub - ok
16:16:30.0128 3840 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:16:30.0128 3840 usbohci - ok
16:16:30.0159 3840 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:16:30.0175 3840 usbprint - ok
16:16:30.0206 3840 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:16:30.0206 3840 USBSTOR - ok
16:16:30.0253 3840 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:16:30.0268 3840 usbuhci - ok
16:16:30.0362 3840 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:16:30.0362 3840 usbvideo - ok
16:16:30.0440 3840 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:16:30.0440 3840 vdrvroot - ok
16:16:30.0533 3840 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:16:30.0533 3840 vga - ok
16:16:30.0565 3840 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:16:30.0565 3840 VgaSave - ok
16:16:30.0611 3840 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:16:30.0611 3840 vhdmp - ok
16:16:30.0658 3840 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:16:30.0674 3840 viaide - ok
16:16:30.0705 3840 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:16:30.0705 3840 volmgr - ok
16:16:30.0752 3840 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:16:30.0767 3840 volmgrx - ok
16:16:30.0814 3840 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:16:30.0830 3840 volsnap - ok
16:16:30.0892 3840 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:16:30.0892 3840 vsmraid - ok
16:16:30.0939 3840 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:16:30.0939 3840 vwifibus - ok
16:16:31.0001 3840 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:16:31.0001 3840 vwififlt - ok
16:16:31.0079 3840 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:16:31.0095 3840 vwifimp - ok
16:16:31.0173 3840 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:16:31.0173 3840 WacomPen - ok
16:16:31.0267 3840 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:16:31.0267 3840 WANARP - ok
16:16:31.0282 3840 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:16:31.0282 3840 Wanarpv6 - ok
16:16:31.0454 3840 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:16:31.0454 3840 Wd - ok
16:16:31.0501 3840 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:16:31.0516 3840 Wdf01000 - ok
16:16:31.0594 3840 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:16:31.0594 3840 WfpLwf - ok
16:16:31.0625 3840 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:16:31.0625 3840 WIMMount - ok
16:16:31.0688 3840 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:16:31.0750 3840 winachsf - ok
16:16:31.0922 3840 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:16:31.0922 3840 WinUsb - ok
16:16:32.0000 3840 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:16:32.0000 3840 WmiAcpi - ok
16:16:32.0047 3840 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:16:32.0062 3840 ws2ifsl - ok
16:16:32.0218 3840 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:16:32.0234 3840 WudfPf - ok
16:16:32.0296 3840 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
16:16:32.0312 3840 XAudio - ok
16:16:32.0421 3840 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:16:32.0437 3840 yukonw7 - ok
16:16:32.0483 3840 MBR (0x1B8) (efc2eced49282702db0b737570780fb0) \Device\Harddisk0\DR0
16:16:32.0530 3840 \Device\Harddisk0\DR0 - ok
16:16:32.0530 3840 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1
16:16:32.0546 3840 \Device\Harddisk1\DR1 - ok
16:16:32.0577 3840 Boot (0x1200) (7f67f5317908094149ebcf2473da5f3b) \Device\Harddisk0\DR0\Partition0
16:16:32.0577 3840 \Device\Harddisk0\DR0\Partition0 - ok
16:16:32.0593 3840 Boot (0x1200) (4ff2c92f9e2505b9e3b9a2a2f8d669a1) \Device\Harddisk0\DR0\Partition1
16:16:32.0593 3840 \Device\Harddisk0\DR0\Partition1 - ok
16:16:32.0639 3840 Boot (0x1200) (7da8f46c8800462b5490b008ab722a53) \Device\Harddisk0\DR0\Partition2
16:16:32.0639 3840 \Device\Harddisk0\DR0\Partition2 - ok
16:16:32.0655 3840 Boot (0x1200) (036622153341d149fbb69d5d71a6eda2) \Device\Harddisk1\DR1\Partition0
16:16:32.0655 3840 \Device\Harddisk1\DR1\Partition0 - ok
16:16:32.0655 3840 ============================================================
16:16:32.0655 3840 Scan finished
16:16:32.0655 3840 ============================================================
16:16:32.0671 5296 Detected object count: 0
16:16:32.0671 5296 Actual detected object count: 0
16:19:10.0505 0408 Deinitialize success




16:13:55.0281 4116 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:13:55.0515 4116 ============================================================
16:13:55.0515 4116 Current date / time: 2011/12/26 16:13:55.0515
16:13:55.0515 4116 SystemInfo:
16:13:55.0515 4116
16:13:55.0515 4116 OS Version: 6.1.7601 ServicePack: 1.0
16:13:55.0515 4116 Product type: Workstation
16:13:55.0515 4116 ComputerName: LAUREN-PC
16:13:55.0515 4116 UserName: Lauren
16:13:55.0515 4116 Windows directory: C:\Windows
16:13:55.0515 4116 System windows directory: C:\Windows
16:13:55.0515 4116 Running under WOW64
16:13:55.0515 4116 Processor architecture: Intel x64
16:13:55.0515 4116 Number of processors: 1
16:13:55.0515 4116 Page size: 0x1000
16:13:55.0515 4116 Boot type: Normal boot
16:13:55.0515 4116 ============================================================
16:13:56.0732 4116 Initialize success
16:16:02.0733 3840 ============================================================
16:16:02.0733 3840 Scan started
16:16:02.0733 3840 Mode: Manual;
16:16:02.0733 3840 ============================================================
16:16:20.0315 3840 monitor - ok
16:16:20.0378 3840 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:16:20.0378 3840 mouclass - ok
16:16:20.0456 3840 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:16:20.0456 3840 mouhid - ok
16:16:20.0534 3840 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:16:20.0534 3840 mountmgr - ok
16:16:20.0612 3840 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:16:20.0612 3840 mpio - ok
16:16:20.0659 3840 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:16:20.0659 3840 mpsdrv - ok
16:16:20.0705 3840 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:16:20.0705 3840 MRxDAV - ok
16:16:20.0752 3840 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:16:20.0768 3840 mrxsmb - ok
16:16:20.0830 3840 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:16:20.0861 3840 mrxsmb10 - ok
16:16:20.0955 3840 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:16:20.0971 3840 mrxsmb20 - ok
16:16:21.0017 3840 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:16:21.0049 3840 msahci - ok
16:16:21.0127 3840 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:16:21.0127 3840 msdsm - ok
16:16:21.0189 3840 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:16:21.0205 3840 Msfs - ok
16:16:21.0251 3840 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:16:21.0267 3840 mshidkmdf - ok
16:16:21.0314 3840 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:16:21.0314 3840 msisadrv - ok
16:16:21.0439 3840 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:16:21.0454 3840 MSKSSRV - ok
16:16:21.0485 3840 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:16:21.0485 3840 MSPCLOCK - ok
16:16:21.0532 3840 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:16:21.0548 3840 MSPQM - ok
16:16:21.0657 3840 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:16:21.0657 3840 MsRPC - ok
16:16:21.0719 3840 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:16:21.0719 3840 mssmbios - ok
16:16:21.0766 3840 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:16:21.0782 3840 MSTEE - ok
16:16:21.0813 3840 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:16:21.0844 3840 MTConfig - ok
16:16:21.0875 3840 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:16:21.0875 3840 Mup - ok
16:16:22.0000 3840 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:16:22.0000 3840 NativeWifiP - ok
16:16:22.0078 3840 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:16:22.0109 3840 NDIS - ok
16:16:22.0203 3840 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:16:22.0219 3840 NdisCap - ok
16:16:22.0250 3840 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:16:22.0250 3840 NdisTapi - ok
16:16:22.0359 3840 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:16:22.0375 3840 Ndisuio - ok
16:16:22.0421 3840 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:16:22.0437 3840 NdisWan - ok
16:16:22.0484 3840 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:16:22.0499 3840 NDProxy - ok
16:16:22.0609 3840 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:16:22.0624 3840 NetBIOS - ok
16:16:22.0671 3840 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:16:22.0687 3840 NetBT - ok
16:16:22.0921 3840 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:16:23.0061 3840 netw5v64 - ok
16:16:23.0108 3840 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:16:23.0108 3840 nfrd960 - ok
16:16:23.0170 3840 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:16:23.0170 3840 Npfs - ok
16:16:23.0217 3840 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:16:23.0217 3840 nsiproxy - ok
16:16:23.0326 3840 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:16:23.0357 3840 Ntfs - ok
16:16:23.0435 3840 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:16:23.0435 3840 Null - ok
16:16:23.0498 3840 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:16:23.0498 3840 nvraid - ok
16:16:23.0545 3840 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:16:23.0560 3840 nvstor - ok
16:16:23.0623 3840 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:16:23.0623 3840 nv_agp - ok
16:16:23.0701 3840 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:16:23.0701 3840 ohci1394 - ok
16:16:23.0872 3840 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:16:23.0872 3840 Parport - ok
16:16:23.0919 3840 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:16:23.0919 3840 partmgr - ok
16:16:23.0997 3840 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:16:23.0997 3840 pci - ok
16:16:24.0044 3840 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:16:24.0044 3840 pciide - ok
16:16:24.0137 3840 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:16:24.0137 3840 pcmcia - ok
16:16:24.0247 3840 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:16:24.0262 3840 pcw - ok
16:16:24.0356 3840 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:16:24.0418 3840 PEAUTH - ok
16:16:24.0590 3840 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:16:24.0590 3840 PptpMiniport - ok
16:16:24.0637 3840 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:16:24.0637 3840 Processor - ok
16:16:24.0699 3840 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:16:24.0699 3840 Psched - ok
16:16:24.0777 3840 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:16:24.0808 3840 ql2300 - ok
16:16:24.0839 3840 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:16:24.0839 3840 ql40xx - ok
16:16:24.0886 3840 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:16:24.0902 3840 QWAVEdrv - ok
16:16:24.0917 3840 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:16:24.0949 3840 RasAcd - ok
16:16:25.0011 3840 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:16:25.0011 3840 RasAgileVpn - ok
16:16:25.0073 3840 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:16:25.0073 3840 Rasl2tp - ok
16:16:25.0151 3840 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:16:25.0167 3840 RasPppoe - ok
16:16:25.0276 3840 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:16:25.0276 3840 RasSstp - ok
16:16:25.0323 3840 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:16:25.0339 3840 rdbss - ok
16:16:25.0370 3840 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:16:25.0385 3840 rdpbus - ok
16:16:25.0432 3840 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:16:25.0448 3840 RDPCDD - ok
16:16:25.0510 3840 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:16:25.0510 3840 RDPENCDD - ok
16:16:25.0557 3840 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:16:25.0557 3840 RDPREFMP - ok
16:16:25.0651 3840 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:16:25.0651 3840 RDPWD - ok
16:16:25.0744 3840 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:16:25.0760 3840 rdyboost - ok
16:16:25.0869 3840 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:16:25.0869 3840 rspndr - ok
16:16:25.0931 3840 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
16:16:25.0931 3840 RSUSBSTOR - ok
16:16:25.0994 3840 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:16:26.0025 3840 RTL8167 - ok
16:16:26.0134 3840 RtsUIR - ok
16:16:26.0197 3840 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:16:26.0197 3840 sbp2port - ok
16:16:26.0259 3840 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:16:26.0259 3840 scfilter - ok
16:16:26.0353 3840 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:16:26.0353 3840 sdbus - ok
16:16:26.0446 3840 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:16:26.0462 3840 secdrv - ok
16:16:26.0555 3840 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:16:26.0555 3840 Serenum - ok
16:16:26.0602 3840 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:16:26.0602 3840 Serial - ok
16:16:26.0649 3840 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:16:26.0665 3840 sermouse - ok
16:16:26.0727 3840 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:16:26.0727 3840 sffdisk - ok
16:16:26.0758 3840 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:16:26.0758 3840 sffp_mmc - ok
16:16:26.0774 3840 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:16:26.0774 3840 sffp_sd - ok
16:16:26.0821 3840 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:16:26.0836 3840 sfloppy - ok
16:16:26.0899 3840 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:16:26.0899 3840 SiSRaid2 - ok
16:16:26.0945 3840 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:16:26.0945 3840 SiSRaid4 - ok
16:16:26.0992 3840 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:16:27.0008 3840 Smb - ok
16:16:27.0117 3840 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:16:27.0148 3840 spldr - ok
16:16:27.0226 3840 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:16:27.0273 3840 srv - ok
16:16:27.0367 3840 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:16:27.0382 3840 srv2 - ok
16:16:27.0460 3840 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:16:27.0476 3840 SrvHsfHDA - ok
16:16:27.0523 3840 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:16:27.0569 3840 SrvHsfV92 - ok
16:16:27.0601 3840 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:16:27.0616 3840 SrvHsfWinac - ok
16:16:27.0679 3840 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:16:27.0679 3840 srvnet - ok
16:16:27.0741 3840 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
16:16:27.0757 3840 ssadbus - ok
16:16:27.0835 3840 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:16:27.0835 3840 ssadmdfl - ok
16:16:27.0850 3840 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
16:16:27.0866 3840 ssadmdm - ok
16:16:27.0928 3840 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
16:16:27.0928 3840 sscdbus - ok
16:16:28.0006 3840 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:16:28.0006 3840 sscdmdfl - ok
16:16:28.0069 3840 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
16:16:28.0069 3840 sscdmdm - ok
16:16:28.0147 3840 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:16:28.0147 3840 stexstor - ok
16:16:28.0209 3840 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:16:28.0225 3840 swenum - ok
16:16:28.0287 3840 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
16:16:28.0303 3840 SynTP - ok
16:16:28.0412 3840 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:16:28.0459 3840 Tcpip - ok
16:16:28.0537 3840 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:16:28.0552 3840 TCPIP6 - ok
16:16:28.0661 3840 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:16:28.0677 3840 tcpipreg - ok
16:16:28.0739 3840 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:16:28.0755 3840 TDPIPE - ok
16:16:28.0771 3840 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:16:28.0786 3840 TDTCP - ok
16:16:28.0849 3840 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:16:28.0849 3840 tdx - ok
16:16:28.0895 3840 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:16:28.0895 3840 TermDD - ok
16:16:28.0989 3840 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:16:28.0989 3840 tssecsrv - ok
16:16:29.0051 3840 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:16:29.0051 3840 TsUsbFlt - ok
16:16:29.0192 3840 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:16:29.0207 3840 tunnel - ok
16:16:29.0254 3840 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:16:29.0254 3840 uagp35 - ok
16:16:29.0301 3840 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:16:29.0317 3840 udfs - ok
16:16:29.0395 3840 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:16:29.0410 3840 uliagpkx - ok
16:16:29.0504 3840 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:16:29.0504 3840 umbus - ok
16:16:29.0551 3840 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:16:29.0566 3840 UmPass - ok
16:16:29.0691 3840 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:16:29.0691 3840 usbaudio - ok
16:16:29.0753 3840 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:16:29.0753 3840 usbccgp - ok
16:16:29.0831 3840 USBCCID - ok
16:16:29.0894 3840 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:16:29.0909 3840 usbcir - ok
16:16:29.0987 3840 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:16:29.0987 3840 usbehci - ok
16:16:30.0034 3840 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:16:30.0034 3840 usbhub - ok
16:16:30.0128 3840 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:16:30.0128 3840 usbohci - ok
16:16:30.0159 3840 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:16:30.0175 3840 usbprint - ok
16:16:30.0206 3840 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:16:30.0206 3840 USBSTOR - ok
16:16:30.0253 3840 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:16:30.0268 3840 usbuhci - ok
16:16:30.0362 3840 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:16:30.0362 3840 usbvideo - ok
16:16:30.0440 3840 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:16:30.0440 3840 vdrvroot - ok
16:16:30.0533 3840 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:16:30.0533 3840 vga - ok
16:16:30.0565 3840 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:16:30.0565 3840 VgaSave - ok
16:16:30.0611 3840 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:16:30.0611 3840 vhdmp - ok
16:16:30.0658 3840 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:16:30.0674 3840 viaide - ok
16:16:30.0705 3840 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:16:30.0705 3840 volmgr - ok
16:16:30.0752 3840 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:16:30.0767 3840 volmgrx - ok
16:16:30.0814 3840 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:16:30.0830 3840 volsnap - ok
16:16:30.0892 3840 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:16:30.0892 3840 vsmraid - ok
16:16:30.0939 3840 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:16:30.0939 3840 vwifibus - ok
16:16:31.0001 3840 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:16:31.0001 3840 vwififlt - ok
16:16:31.0079 3840 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:16:31.0095 3840 vwifimp - ok
16:16:31.0173 3840 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:16:31.0173 3840 WacomPen - ok
16:16:31.0267 3840 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:16:31.0267 3840 WANARP - ok
16:16:31.0282 3840 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:16:31.0282 3840 Wanarpv6 - ok
16:16:31.0454 3840 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:16:31.0454 3840 Wd - ok
16:16:31.0501 3840 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:16:31.0516 3840 Wdf01000 - ok
16:16:31.0594 3840 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:16:31.0594 3840 WfpLwf - ok
16:16:31.0625 3840 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:16:31.0625 3840 WIMMount - ok
16:16:31.0688 3840 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:16:31.0750 3840 winachsf - ok
16:16:31.0922 3840 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:16:31.0922 3840 WinUsb - ok
16:16:32.0000 3840 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:16:32.0000 3840 WmiAcpi - ok
16:16:32.0047 3840 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:16:32.0062 3840 ws2ifsl - ok
16:16:32.0218 3840 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:16:32.0234 3840 WudfPf - ok
16:16:32.0296 3840 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
16:16:32.0312 3840 XAudio - ok
16:16:32.0421 3840 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:16:32.0437 3840 yukonw7 - ok
16:16:32.0483 3840 MBR (0x1B8) (efc2eced49282702db0b737570780fb0) \Device\Harddisk0\DR0
16:16:32.0530 3840 \Device\Harddisk0\DR0 - ok
16:16:32.0530 3840 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1
16:16:32.0546 3840 \Device\Harddisk1\DR1 - ok
16:16:32.0577 3840 Boot (0x1200) (7f67f5317908094149ebcf2473da5f3b) \Device\Harddisk0\DR0\Partition0
16:16:32.0577 3840 \Device\Harddisk0\DR0\Partition0 - ok
16:16:32.0593 3840 Boot (0x1200) (4ff2c92f9e2505b9e3b9a2a2f8d669a1) \Device\Harddisk0\DR0\Partition1
16:16:32.0593 3840 \Device\Harddisk0\DR0\Partition1 - ok
16:16:32.0639 3840 Boot (0x1200) (7da8f46c8800462b5490b008ab722a53) \Device\Harddisk0\DR0\Partition2
16:16:32.0639 3840 \Device\Harddisk0\DR0\Partition2 - ok
16:16:32.0655 3840 Boot (0x1200) (036622153341d149fbb69d5d71a6eda2) \Device\Harddisk1\DR1\Partition0
16:16:32.0655 3840 \Device\Harddisk1\DR1\Partition0 - ok
16:16:32.0655 3840 ============================================================
16:16:32.0655 3840 Scan finished
16:16:32.0655 3840 ============================================================
16:16:32.0671 5296 Detected object count: 0
16:16:32.0671 5296 Actual detected object count: 0
16:19:10.0505 0408 Deinitialize success

OTL Extras logfile created on: 12/26/2011 4:44:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lauren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 52.43% Memory free
5.86 Gb Paging File | 4.25 Gb Available in Paging File | 72.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 166.87 Gb Free Space | 75.58% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.00 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
Drive F: | 7.63 Gb Total Space | 0.02 Gb Free Space | 0.20% Space Free | Partition Type: FAT32

Computer Name: LAUREN-PC | User Name: Lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{83584F8F-6828-440D-B0B4-52495D5DA803}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1D4D3F4F-669D-F5C9-234E-2487A4489C8B}" = The Phlebotomy Textbook, 3rd Edition
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"BREE5" = Brownstone Equation Editor 5
"CCleaner" = CCleaner
"ChameleonTom" = Chameleon Tom
"com.touchwoodcreative.strasinger" = The Phlebotomy Textbook, 3rd Edition
"Control Center for Kodak Webcams" = Control Center for Kodak Webcams
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GOM Player" = GOM Player
"Homepage Protection" = Homepage Protection
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MP3Torpedo" = MP3Torpedo
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PROR" = Microsoft Office Professional 2007
"RCA Detective™_is1" = RCA Detective™ 3.0.1.1
"RCA easyRip_is1" = RCA easyRip 2.5.2.0
"RCA Updater_is1" = RCA Updater 2.0.5.0
"The KMPlayer" = The KMPlayer (remove only)
"Tutor" = Tutor
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2011 10:56:01 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21613643

Error - 4/29/2011 10:56:01 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21613643

Error - 4/29/2011 10:56:02 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/29/2011 10:56:02 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21614750

Error - 4/29/2011 10:56:02 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21614750

Error - 4/29/2011 10:56:03 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/29/2011 10:56:04 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21616107

Error - 4/29/2011 10:56:04 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21616107

Error - 4/29/2011 10:56:05 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/29/2011 10:56:05 PM | Computer Name = Lauren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21617527

[ Hewlett-Packard Events ]
Error - 12/26/2009 11:40:41 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 9/13/2010 9:42:17 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/13/2010 9:42:17 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 11/21/2010 6:40:53 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 7/26/2011 3:51:21 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071126035115.xml
File not created by asset agent

Error - 8/16/2011 1:01:26 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081116010122.xml
File not created by asset agent

Error - 10/12/2011 1:24:32 PM | Computer Name = Lauren-PC | Source = Hewlett-Packard | ID = 0
Description =

[ OSession Events ]
Error - 8/16/2011 1:16:15 PM | Computer Name = Lauren-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/26/2011 5:46:53 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/26/2011 5:48:09 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/26/2011 5:48:10 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/26/2011 5:48:10 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/26/2011 5:48:14 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 12/26/2011 5:50:52 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%31

Error - 12/26/2011 5:37:30 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/26/2011 5:37:32 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/26/2011 5:37:32 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/26/2011 5:37:33 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.


< End of report >



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122605

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/26/2011 4:35:28 PM
mbam-log-2011-12-26 (16-35-28).txt

Scan type: Quick scan
Objects scanned: 209133
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\_J19_1296 (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\_j19_1296.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\_j19_1296.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Users\Lauren\downloads\iwonsetup2.3.50.62.zlxdm003.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#4
RKinner

We are missing an OTL scan. You got the Extras log but there should have been an OTL log too.

I'm pretty sure I know what is going on. The malware ate the Base Forwarding Engine service and probably also the Windows Firewall service and maybe the Security Center.

Right click on Computer and select Manage then Services and Applications then Services. Verify that the Base Forwarding Engine service is not present in the list. Also check for the Windows Firewall service. Come to think of it check for the Security Center service too.

Assuming this is what I think it is you will be missing both services.

Follow the procedure on Post#13 on http://www.geekstogo...ost__p__2090351

That will get the BFE service back in the registry but it won't start.

For the firewall (if it is missing): Download the attached mpssvc fix.zip and Save it. Right click on it and Extract All, right click on mpssvc fix.reg and MERGE.

For the Security Center: Do the same for mscsvc.zip

Finally we have to do this:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and go back into Services and see if BFE is running.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
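
The System Events entries earlier in the thread are what point to a missing BFE service: Service Control Manager event 7003 names a dependency that is not installed, and event 7023 with %%1060 carries Win32 error 1060 (the specified service does not exist as an installed service). As an added example, not part of the original thread or of any tool used in it, this Python script parses entries in that layout and groups the blocked services by missing dependency; the sample entries, the computer name EXAMPLE-PC and the function names parse_events and triage are constructed for illustration.

```python
import re
from collections import defaultdict

# Header line of one entry, in the layout of the "[ System Events ]" listing.
HEADER = re.compile(
    r"^(?P<level>Error|Warning|Information) - (?P<when>.+?) \| "
    r"Computer Name = (?P<computer>.+?) \| Source = (?P<source>.+?) \| "
    r"ID = (?P<id>\d+)\s*$"
)
# Event 7003: a service names a dependency that is not installed.
# The log in this thread prints "depends the following service" (no "on").
DEPENDS = re.compile(
    r"The (?P<svc>.+?) service depends (?:on )?the following service: "
    r"(?P<dep>[^.\s]+)\."
)
# Event 7023: a service stopped with a Win32 error code, printed as %%<code>.
TERMINATED = re.compile(
    r"The (?P<svc>.+?) service terminated with the following error: "
    r"%%(?P<code>\d+)"
)
ERROR_SERVICE_DOES_NOT_EXIST = 1060

# Constructed sample entries (not copied from a real machine).
SAMPLE = """\
[ System Events ]
Error - 1/2/2012 8:00:01 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/2/2012 8:00:02 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 1/2/2012 8:00:02 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 1/2/2012 8:00:05 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 1/2/2012 8:02:40 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%31

Error - 1/2/2012 6:30:12 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

< End of report >
"""


def parse_events(text):
    """Split the listing into entries; wrapped description lines are rejoined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {**header.groupdict(), "id": int(header["id"]),
                       "description": ""}
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
        elif not line:
            current = None  # a blank line ends the entry
    return events


def triage(events):
    """Return ({missing dependency: [blocked services]}, [services that
    stopped with error 1060]), using Service Control Manager events only."""
    blocked = defaultdict(set)
    failed_1060 = set()
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == 7003:
            m = DEPENDS.search(ev["description"])
            if m:
                blocked[m["dep"]].add(m["svc"])  # set: repeated boots collapse
        elif ev["id"] == 7023:
            m = TERMINATED.search(ev["description"])
            if m and int(m["code"]) == ERROR_SERVICE_DOES_NOT_EXIST:
                failed_1060.add(m["svc"])
    return ({dep: sorted(svcs) for dep, svcs in blocked.items()},
            sorted(failed_1060))


if __name__ == "__main__":
    missing, failed = triage(parse_events(SAMPLE))
    for dep, services in missing.items():
        print(f"dependency not installed: {dep} -> blocks {', '.join(services)}")
    for svc in failed:
        print(f"stopped with error 1060 (service does not exist): {svc}")
```

Several unrelated services all naming the same uninstalled dependency is the pattern to look for; a single 7003 entry on its own is weaker evidence.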

#5
gmcube

You're right about the first two things missing from what I can tell. There is a security service though called "SBSD Security Center Service".

I wasn't able to do all the steps. It gives me an error at the command prompt part.

BFE is not recognized as an internal or external command, operable program or batch file.


Not sure if you still need it, but just in case it could help, here's the missing scan from my last post.

OTL logfile created on: 12/26/2011 4:44:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lauren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 52.43% Memory free
5.86 Gb Paging File | 4.25 Gb Available in Paging File | 72.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 166.87 Gb Free Space | 75.58% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.00 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
Drive F: | 7.63 Gb Total Space | 0.02 Gb Free Space | 0.20% Space Free | Partition Type: FAT32

Computer Name: LAUREN-PC | User Name: Lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 16:31:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
PRC - [2011/12/22 08:22:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 12:20:06 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/03 12:42:04 | 000,804,352 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\Lauren\My Documents\RCA Detective\RCADetective.exe
PRC - [2010/07/15 10:46:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/05/24 22:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/22 08:23:04 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/05/24 22:34:02 | 001,703,936 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/05/24 22:25:22 | 003,760,128 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\PictureMover\Bin\Core.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/15 10:46:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/24 12:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/12 12:37:13 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/11 13:43:26 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/26 19:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/07/15 10:46:17 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/02/26 10:05:32 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 12:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 12:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 12:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 12:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 12:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/?"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Lauren\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SiteRanker\firefox\ [2009/12/25 09:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 14:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/26 03:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/29 17:16:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 14:11:04 | 000,000,000 | ---D | M]

[2011/12/26 03:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2009/12/25 13:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/26 03:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\ma5zclyy.default\extensions
[2011/12/26 03:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/25 15:59:12 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0dca257c-8ebe-5547-eb3d-952632f6194b}
[2011/10/29 22:44:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/26 03:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\LAUREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MA5ZCLYY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\LAUREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MA5ZCLYY.DEFAULT\EXTENSIONS\[email protected]
[2011/12/22 08:23:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 21:04:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 21:04:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lauren\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lauren\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lauren\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lauren\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Lauren\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Skype Click to Call = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/26 04:49:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files (x86)\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Lauren\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDF56940-4AF6-4033-91C5-4B3E159B4783}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 16:38:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/26 16:31:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2011/12/26 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Malwarebytes
[2011/12/26 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/26 16:29:24 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/26 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/26 16:17:43 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Lauren\Desktop\aswMBR.exe
[2011/12/26 16:13:22 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lauren\Desktop\tdsskiller.exe
[2011/12/26 04:10:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/26 04:10:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/26 04:10:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/26 04:10:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/26 04:10:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 03:34:04 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\HPAppData
[2011/12/26 02:20:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/26 02:02:46 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Desktop\backups
[2011/12/26 01:48:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lauren\Desktop\HijackThis.exe
[2011/12/20 01:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F6453
[2011/12/20 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\784F6
[2011/12/14 00:31:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 00:31:14 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 00:31:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 00:31:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 00:31:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 00:31:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 00:31:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 00:31:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 00:31:03 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 00:31:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/10 19:25:11 | 000,000,000 | ---D | C] -- C:\90cbf9cd9ab13bebf9
[2011/12/10 19:11:11 | 000,000,000 | ---D | C] -- C:\e573631b325b67afbb97d93a4f95
[2011/12/09 02:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/12/09 02:16:10 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011/12/09 02:16:10 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011/12/09 02:16:10 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011/12/09 02:16:10 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011/12/09 02:16:10 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011/12/09 02:16:10 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011/12/09 02:16:10 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011/12/09 02:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011/12/09 02:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011/12/09 02:15:04 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2011/12/09 02:14:10 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/12/09 02:14:10 | 000,770,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdbqp.dll
[2011/12/09 02:14:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Synchronization2.dll
[2011/12/09 02:14:10 | 000,397,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdbse.dll
[2011/12/09 02:14:10 | 000,253,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MetaStore2.dll
[2011/12/09 02:14:10 | 000,230,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdb.dll
[2011/12/09 02:14:10 | 000,189,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SimpleProviders2.dll
[2011/12/09 02:14:10 | 000,171,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FileSyncProvider2.dll
[2011/12/09 02:14:10 | 000,156,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FeedSync2.dll
[2011/12/08 23:09:00 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Desktop\backup
[2011/12/03 18:32:28 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/03 18:30:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/03 18:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/11/29 21:48:06 | 000,000,000 | ---D | C] -- C:\34dbc09962a5902b12e183b5de
[2011/11/29 21:25:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/11/29 21:23:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/11/27 20:37:18 | 000,000,000 | ---D | C] -- C:\7f1b41ba1b9ff5e8196d1bc7510f23bd
[2011/11/27 20:26:19 | 000,000,000 | ---D | C] -- C:\3722b235154e0c8c6f1c9eb9483372bb

========== Files - Modified Within 30 Days ==========

[2011/12/26 16:45:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-859783317-3874007999-862408240-1000UA.job
[2011/12/26 16:44:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 16:44:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 16:42:17 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/26 16:42:17 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/26 16:42:17 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/26 16:38:34 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/26 16:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/26 16:37:04 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 16:31:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2011/12/26 16:29:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 16:27:27 | 000,000,512 | ---- | M] () -- C:\Users\Lauren\Desktop\MBR.dat
[2011/12/26 16:18:46 | 090,929,596 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/12/26 16:17:52 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Lauren\Desktop\aswMBR.exe
[2011/12/26 16:13:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lauren\Desktop\tdsskiller.exe
[2011/12/26 04:49:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/26 03:51:52 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/26 02:08:30 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLauren.job
[2011/12/26 01:04:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lauren\Desktop\HijackThis.exe
[2011/12/26 00:46:45 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-859783317-3874007999-862408240-1000Core.job
[2011/12/23 14:39:26 | 000,009,246 | -HS- | M] () -- C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
[2011/12/23 14:39:26 | 000,009,246 | -HS- | M] () -- C:\ProgramData\b2ml23h4pd6pnu
[2011/12/17 23:22:07 | 000,002,364 | ---- | M] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2011/12/15 14:02:07 | 000,440,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/09 02:26:10 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies mini.lnk
[2011/12/09 02:18:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/09 02:17:13 | 000,002,112 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies mini.lnk
[2011/12/09 02:14:08 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/12/09 02:14:07 | 000,770,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdbqp.dll
[2011/12/09 02:14:07 | 000,397,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdbse.dll
[2011/12/09 02:14:07 | 000,189,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SimpleProviders2.dll
[2011/12/09 02:14:06 | 000,511,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Synchronization2.dll
[2011/12/09 02:14:06 | 000,253,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MetaStore2.dll
[2011/12/09 02:14:06 | 000,230,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Msfdb.dll
[2011/12/09 02:14:06 | 000,171,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FileSyncProvider2.dll
[2011/12/09 02:14:06 | 000,156,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FeedSync2.dll
[2011/12/03 18:32:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/30 15:20:31 | 000,000,363 | ---- | M] () -- C:\Users\Lauren\RecentPlaces.lnk
[2011/11/29 21:43:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/11/29 21:43:29 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/11/29 17:16:41 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/12/26 16:29:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 16:27:27 | 000,000,512 | ---- | C] () -- C:\Users\Lauren\Desktop\MBR.dat
[2011/12/26 04:10:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/26 04:10:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/26 04:10:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/26 04:10:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/26 04:10:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/26 03:36:37 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/26 03:36:37 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\ProgramData\b2ml23h4pd6pnu
[2011/12/09 02:18:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/12/09 02:17:13 | 000,002,112 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies mini.lnk
[2011/12/09 02:17:13 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies mini.lnk
[2011/07/26 14:51:27 | 000,001,854 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\GhostObjGAFix.xml
[2011/04/24 00:42:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/15 23:29:20 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/09 14:35:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/22 07:30:10 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2010/04/27 13:43:35 | 000,595,160 | ---- | C] () -- C:\Windows\SysWow64\wodCertificate.dll
[2010/04/27 13:43:33 | 000,589,960 | ---- | C] () -- C:\Windows\SysWow64\brgrt.dll
[2010/01/07 14:10:31 | 000,023,116 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/08/23 16:34:01 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 14:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

< End of report >

Edited by gmcube, 27 December 2011 - 09:22 PM.

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\ProgramData\b2ml23h4pd6pnu

:files
C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
C:\ProgramData\b2ml23h4pd6pnu
net start /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Copy the log and paste it in your next reply.


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
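The two entries the fix script above lists under :OTL can be picked out of a listing like the posted one mechanically. The sketch below is an added example, not part of either post and not OTL's own logic: it parses OTL file-listing lines and flags files that are hidden and system, carry no company name, and sit directly in ProgramData or a profile's AppData\Local or AppData\Roaming. Those criteria are assumptions of this example, not the helper's stated reasoning.

```python
import ntpath
import re
from collections import defaultdict

# One OTL file-listing line, as it appears in the posted log:
#   [date time | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field at all.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Assumption of this example: data roots where a file dropped directly at the
# top level (not inside an application's own subfolder) deserves a second look.
DATA_ROOT = re.compile(
    r"^[a-z]:\\(programdata|users\\[^\\]+\\appdata\\(local|roaming))$",
    re.IGNORECASE,
)

# Lines copied from the listing posted in this thread.
SAMPLE = r"""
[2011/12/26 16:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/26 16:37:04 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 16:31:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2011/12/26 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/26 16:38:34 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/23 14:39:26 | 000,009,246 | -HS- | M] () -- C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
[2011/12/23 14:39:26 | 000,009,246 | -HS- | M] () -- C:\ProgramData\b2ml23h4pd6pnu
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\Users\Lauren\AppData\Local\b2ml23h4pd6pnu
[2011/12/20 01:01:59 | 000,009,246 | -HS- | C] () -- C:\ProgramData\b2ml23h4pd6pnu
< End of report >
""".strip().splitlines()


def parse(line):
    """Return the fields of one listing line as a dict, or None if it is not one."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def triage(lines):
    """Map lower-cased file name -> sorted paths of entries meeting all criteria."""
    hits = defaultdict(set)
    for line in lines:
        entry = parse(line)
        if entry is None or "D" in entry["attrs"]:
            continue  # header, footer, or a directory
        hidden_system = "H" in entry["attrs"] and "S" in entry["attrs"]
        no_company = entry["company"] == ""
        in_data_root = DATA_ROOT.match(ntpath.dirname(entry["path"])) is not None
        if hidden_system and no_company and in_data_root:
            hits[ntpath.basename(entry["path"]).lower()].add(entry["path"])
    return {name: sorted(paths) for name, paths in hits.items()}


if __name__ == "__main__":
    for name, paths in triage(SAMPLE).items():
        print(name, "->", ", ".join(paths))
```

A name that comes back with more than one path, as here, means the same file was dropped in several data roots; a hit is a prompt to inspect the file, not a verdict on it.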





