Ran LSP-Fix on Win7 64x - Now Unable to Load Any Webpage [Solved]


  • This topic is locked

#121
Matt Smith

    Member

  • Topic Starter
  • 85 posts
Here's the Manual Disinfection File

Attached Files


Edited by Matt Smith, 06 February 2012 - 04:58 AM.

  • 0



#122
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please run this script below for me using AVP.

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    begin
    ClearHostsFile;
    RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself

Let me know if the redirects still occur on reboot.
  • 0
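
What the `ClearHostsFile` step in post #122 is cleaning up, as an added example that is not part of the original thread: a Python audit of a Windows hosts file that reports entries pinning a hostname to a fixed remote address (the mechanism behind hosts-based redirects) and entries that sink a name to loopback or 0.0.0.0. The sample hosts content, its addresses (documentation ranges), the allowlist and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Default location on Windows (not read here; the sample below is embedded):
#   %SystemRoot%\System32\drivers\etc\hosts
LOCAL_NAMES = {"localhost"}  # names expected to point at loopback


@dataclass
class Finding:
    lineno: int
    kind: str       # "redirect", "sinkhole" or "malformed"
    address: str
    hostname: str


def parse_hosts(text):
    """Split hosts-file text into (entries, malformed).

    entries   -> list of (lineno, ip_address object, [lowercased hostnames])
    malformed -> list of (lineno, raw line) that are not 'address name...'
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop a UTF-8 BOM, then everything after '#', then whitespace.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id ("fe80::1%12") before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:
            malformed.append((lineno, raw))
            continue
        entries.append((lineno, addr, [h.lower().rstrip(".") for h in fields[1:]]))
    return entries, malformed


def audit_hosts(text, allowlist=()):
    """Return Findings for entries that override normal DNS resolution.

    allowlist is an iterable of (address, hostname) pairs the admin expects,
    e.g. a deliberate intranet mapping (hypothetical in the sample below).
    """
    allowed = {(ipaddress.ip_address(a), h.lower()) for a, h in allowlist}
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, addr, names in entries:
        local_sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if (addr, name) in allowed:
                continue
            if local_sink and name in LOCAL_NAMES:
                continue  # the stock localhost lines
            # A local sink blocks the name (blocklist, or malware cutting off
            # update servers); any other address redirects it.
            kind = "sinkhole" if local_sink else "redirect"
            findings.append(Finding(lineno, kind, str(addr), name))
    for lineno, raw in malformed:
        findings.append(Finding(lineno, "malformed", "", raw.strip()))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample; addresses come from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style sink
203.0.113.45    www.search.example www.portal.example
192.0.2.10      intranet
not-an-address  broken.example
127.0.0.1       update.vendor.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, allowlist=[("192.0.2.10", "intranet")]):
        print(f"line {f.lineno}: {f.kind:9} {f.address:15} {f.hostname}")
```

Saving the report before the file is reset keeps a record of what the redirects pointed at, since the reset discards the entries.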

#123
Matt Smith

    Member

  • Topic Starter
  • 85 posts
I ran the fix last night. Haven't had much time to browse to get redirected. But we will see.
  • 0

#124
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Please keep me updated.
  • 0

#125
Matt Smith

    Member

  • Topic Starter
  • 85 posts
Okay, I will. Thanks again. Will report back soon.
  • 0

#126
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
No problem.
  • 0

#127
Matt Smith

    Member

  • Topic Starter
  • 85 posts
So far so good. Any idea why Java isn't working? I can't get any x86 version to install. One installer opens but results in a page that says, "To restart Java you must refresh the page" or something like that. If you can't help or are done with my computer problems, that is fine. Won't be any hurt feelings here.
  • 0

#128
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Glad to hear the issues with the redirects seem to be under control.

What's the version of Java that you're trying to install? Are you able to install it at all or are you experiencing issues during the installation of it?
  • 0

#129
Matt Smith

    Member

  • Topic Starter
  • 85 posts
Just got redirected to:
removed malicious link.--ST

I'm trying to install the newest 32-bit version of Java. But when I do, it says, "You must restart the installer by refreshing the webpage."

Edited by SweetTech, 11 February 2012 - 03:32 AM.

  • 0

#130
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

This is being a stubborn little thing.

I'd like to get new scans from you.

Please run these utilities for me:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:


Open up OTL. It should still be located on your desktop.

Click on Scan All Users

Under Processes Click on All
Under Modules Click on All
Under Services Click on All
Under Drivers Click on All
Under Standard Registry Click on All
Under Extra Registry Click on All
Under File Ages Click on 90 Days

Post the log that is produced after running OTL.
  • 0



#131
Matt Smith

    Member

  • Topic Starter
  • 85 posts
Attached are the logs for aswMBR, TDSSkiller & OTL.
Is it alright that they are attached or do you prefer them being pasted in the response?
Can re-post them if wished.


01:59:22.0305 5248 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:59:22.0350 5248 sfloppy - ok
01:59:22.0414 5248 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:59:22.0426 5248 SiSRaid2 - ok
01:59:22.0448 5248 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:59:22.0460 5248 SiSRaid4 - ok
01:59:22.0510 5248 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:59:22.0588 5248 Smb - ok
01:59:22.0634 5248 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:59:22.0645 5248 spldr - ok
01:59:22.0709 5248 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
01:59:22.0746 5248 srv - ok
01:59:22.0803 5248 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
01:59:22.0825 5248 srv2 - ok
01:59:22.0897 5248 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
01:59:22.0928 5248 srvnet - ok
01:59:22.0996 5248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:59:23.0007 5248 stexstor - ok
01:59:23.0059 5248 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
01:59:23.0121 5248 STHDA - ok
01:59:23.0196 5248 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
01:59:23.0209 5248 storflt - ok
01:59:23.0226 5248 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
01:59:23.0237 5248 storvsc - ok
01:59:23.0256 5248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:59:23.0267 5248 swenum - ok
01:59:23.0343 5248 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
01:59:23.0361 5248 SynTP - ok
01:59:23.0463 5248 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
01:59:23.0542 5248 Tcpip - ok
01:59:23.0600 5248 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
01:59:23.0646 5248 TCPIP6 - ok
01:59:23.0681 5248 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
01:59:23.0738 5248 tcpipreg - ok
01:59:23.0763 5248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:59:23.0815 5248 TDPIPE - ok
01:59:23.0836 5248 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:59:23.0887 5248 TDTCP - ok
01:59:23.0913 5248 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
01:59:23.0972 5248 tdx - ok
01:59:24.0026 5248 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
01:59:24.0036 5248 teamviewervpn - ok
01:59:24.0060 5248 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
01:59:24.0072 5248 TermDD - ok
01:59:24.0111 5248 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:59:24.0171 5248 tssecsrv - ok
01:59:24.0216 5248 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
01:59:24.0262 5248 tunnel - ok
01:59:24.0304 5248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:59:24.0316 5248 uagp35 - ok
01:59:24.0339 5248 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
01:59:24.0401 5248 udfs - ok
01:59:24.0444 5248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
01:59:24.0457 5248 uliagpkx - ok
01:59:24.0494 5248 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
01:59:24.0509 5248 umbus - ok
01:59:24.0530 5248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:59:24.0551 5248 UmPass - ok
01:59:24.0670 5248 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
01:59:24.0680 5248 UnlockerDriver5 - ok
01:59:24.0797 5248 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:59:24.0839 5248 USBAAPL64 - ok
01:59:24.0915 5248 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
01:59:24.0952 5248 usbaudio - ok
01:59:24.0994 5248 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
01:59:25.0016 5248 usbccgp - ok
01:59:25.0058 5248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
01:59:25.0085 5248 usbcir - ok
01:59:25.0124 5248 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\drivers\usbehci.sys
01:59:25.0142 5248 usbehci - ok
01:59:25.0215 5248 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\drivers\usbhub.sys
01:59:25.0247 5248 usbhub - ok
01:59:25.0258 5248 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
01:59:25.0272 5248 usbohci - ok
01:59:25.0312 5248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:59:25.0338 5248 usbprint - ok
01:59:25.0358 5248 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:59:25.0374 5248 USBSTOR - ok
01:59:25.0399 5248 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
01:59:25.0443 5248 usbuhci - ok
01:59:25.0516 5248 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
01:59:25.0533 5248 usbvideo - ok
01:59:25.0570 5248 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
01:59:25.0607 5248 usb_rndisx - ok
01:59:25.0670 5248 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
01:59:25.0686 5248 VBoxDrv - ok
01:59:25.0730 5248 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
01:59:25.0745 5248 VBoxNetAdp - ok
01:59:25.0791 5248 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
01:59:25.0806 5248 VBoxNetFlt - ok
01:59:25.0890 5248 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
01:59:25.0903 5248 VBoxUSBMon - ok
01:59:25.0964 5248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
01:59:25.0976 5248 vdrvroot - ok
01:59:25.0998 5248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:59:26.0016 5248 vga - ok
01:59:26.0041 5248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:59:26.0098 5248 VgaSave - ok
01:59:26.0124 5248 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
01:59:26.0142 5248 vhdmp - ok
01:59:26.0167 5248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
01:59:26.0178 5248 viaide - ok
01:59:26.0212 5248 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
01:59:26.0229 5248 vmbus - ok
01:59:26.0250 5248 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
01:59:26.0277 5248 VMBusHID - ok
01:59:26.0299 5248 VMnetAdapter - ok
01:59:26.0328 5248 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
01:59:26.0341 5248 volmgr - ok
01:59:26.0369 5248 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
01:59:26.0390 5248 volmgrx - ok
01:59:26.0409 5248 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
01:59:26.0428 5248 volsnap - ok
01:59:26.0473 5248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:59:26.0487 5248 vsmraid - ok
01:59:26.0510 5248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:59:26.0541 5248 vwifibus - ok
01:59:26.0574 5248 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:59:26.0612 5248 vwififlt - ok
01:59:26.0655 5248 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
01:59:26.0676 5248 vwifimp - ok
01:59:26.0703 5248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:59:26.0728 5248 WacomPen - ok
01:59:26.0781 5248 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
01:59:26.0826 5248 WANARP - ok
01:59:26.0837 5248 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
01:59:26.0882 5248 Wanarpv6 - ok
01:59:26.0959 5248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:59:26.0970 5248 Wd - ok
01:59:27.0010 5248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:59:27.0047 5248 Wdf01000 - ok
01:59:27.0098 5248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:59:27.0142 5248 WfpLwf - ok
01:59:27.0162 5248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:59:27.0173 5248 WIMMount - ok
01:59:27.0262 5248 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
01:59:27.0290 5248 WinUsb - ok
01:59:27.0341 5248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:59:27.0366 5248 WmiAcpi - ok
01:59:27.0416 5248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:59:27.0478 5248 ws2ifsl - ok
01:59:27.0531 5248 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
01:59:27.0601 5248 WudfPf - ok
01:59:27.0656 5248 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:59:27.0711 5248 WUDFRd - ok
01:59:27.0791 5248 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
01:59:27.0841 5248 xnacc - ok
01:59:27.0903 5248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:59:28.0059 5248 \Device\Harddisk0\DR0 - ok
01:59:28.0064 5248 Boot (0x1200) (6a36a9d086f871114e355143726f4e28) \Device\Harddisk0\DR0\Partition0
01:59:28.0065 5248 \Device\Harddisk0\DR0\Partition0 - ok
01:59:28.0098 5248 Boot (0x1200) (4443032ae230f388562d687c5feb61af) \Device\Harddisk0\DR0\Partition1
01:59:28.0099 5248 \Device\Harddisk0\DR0\Partition1 - ok
01:59:28.0100 5248 ============================================================
01:59:28.0100 5248 Scan finished
01:59:28.0100 5248 ============================================================
01:59:28.0126 3560 Detected object count: 1
01:59:28.0126 3560 Actual detected object count: 1
01:59:34.0858 3560 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
01:59:34.0858 3560 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 01:21:44
-----------------------------
01:21:44.166 OS Version: Windows x64 6.1.7600
01:21:44.166 Number of processors: 2 586 0x301
01:21:44.166 ComputerName: AEON UserName: Mafu
01:21:46.093 Initialize success
01:24:32.361 AVAST engine defs: 12021401
01:24:36.608 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:24:36.608 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 11
01:24:36.623 Disk 0 MBR read successfully
01:24:36.628 Disk 0 MBR scan
01:24:36.633 Disk 0 Windows 7 default MBR code
01:24:36.648 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:24:36.663 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
01:24:36.673 Service scanning
01:24:37.694 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:24:38.459 Modules scanning
01:24:38.464 Disk 0 trace - called modules:
01:24:38.514 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:24:38.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004891060]
01:24:38.854 3 CLASSPNP.SYS[fffff880018b543f] -> nt!IofCallDriver -> [0xfffffa8004820040]
01:24:38.859 5 hpdskflt.sys[fffff880010022bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047fb680]
01:24:41.021 AVAST engine scan C:\Windows
01:24:44.465 AVAST engine scan C:\Windows\system32
01:28:50.075 AVAST engine scan C:\Windows\system32\drivers
01:29:05.929 AVAST engine scan C:\Users\Mafu
01:54:18.790 AVAST engine scan C:\ProgramData
01:57:24.737 Scan finished successfully
01:57:47.323 Disk 0 MBR has been saved successfully to "C:\Users\Mafu\Desktop\MBR.dat"
01:57:47.372 The log file has been saved successfully to "C:\Users\Mafu\Desktop\aswMBR.txt"

Edited by SweetTech, 15 February 2012 - 07:44 AM.
expanded TDSSKiller and aswMBR.exe logs.-ST

#132
SweetTech

Hi!

Do you recognize these files?

[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    
    :OTL
    DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
    :Reg
    
    :Files
    dir /s /a "C:\77ba3578eae882541ae9ccfab7fedf94" /c
    dir /s /a "C:\bee274198a1f6abdad9fc1b49728e8" /c
    dir /s /a "C:\Users\Mafu\AppData\Local\EapmapUI" /c
    dir /s /a "C:\Users\Mafu\AppData\Local\SCE" /c
    takeown /f "C:\Windows\SysNative\drivers\etc\hosts" /c
    del /f /q "C:\Windows\SysNative\drivers\etc\hosts" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    ATITool64.sys
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

#133
Matt Smith

I do not recognize the two listed files:

[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat


OTL Fix log:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service ATITool stopped successfully!
Service ATITool deleted successfully!
C:\Windows\SysNative\drivers\ATITool64.sys moved successfully.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\77ba3578eae882541ae9ccfab7fedf94" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\77ba3578eae882541ae9ccfab7fedf94
01/13/2012 03:14 AM <DIR> .
01/13/2012 03:14 AM <DIR> ..
01/13/2012 03:01 AM <DIR> 1028
01/13/2012 03:01 AM <DIR> 1031
01/13/2012 03:01 AM <DIR> 1033
01/13/2012 03:01 AM <DIR> 1036
01/13/2012 03:01 AM <DIR> 1040
01/13/2012 03:01 AM <DIR> 1041
01/13/2012 03:01 AM <DIR> 1042
01/13/2012 03:01 AM <DIR> 1049
01/13/2012 03:01 AM <DIR> 2052
01/13/2012 03:01 AM <DIR> 3082
10/05/2011 07:52 PM 16,118 DHtmlHeader.html
01/13/2012 03:01 AM <DIR> Graphics
10/05/2011 07:52 PM 7,308 header.bmp
10/05/2011 07:52 PM 17,875,448 ParameterInfo.xml
10/05/2011 07:52 PM 78,152 Setup.exe
10/05/2011 07:52 PM 809,304 SetupEngine.dll
10/05/2011 07:52 PM 295,248 SetupUi.dll
10/05/2011 07:52 PM 30,120 SetupUi.xsd
10/05/2011 07:52 PM 96,088 SetupUtility.exe
10/05/2011 07:52 PM 80,742 SplashScreen.bmp
10/05/2011 07:52 PM 144,416 sqmapi.dll
10/05/2011 07:52 PM 14,084 Strings.xml
10/05/2011 07:52 PM 40,914 UiInfo.xml
10/05/2011 07:52 PM 325,760 watermark.bmp
13 File(s) 19,813,702 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1028
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 2,329 eula.rtf
10/05/2011 07:52 PM 34,192 LocalizedData.xml
10/05/2011 07:58 PM 13,656 SetupResources.dll
3 File(s) 50,177 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1031
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,477 eula.rtf
10/05/2011 07:52 PM 45,460 LocalizedData.xml
10/05/2011 07:58 PM 18,264 SetupResources.dll
3 File(s) 65,201 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1033
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,171 eula.rtf
10/05/2011 07:52 PM 42,798 LocalizedData.xml
10/05/2011 07:52 PM 16,728 SetupResources.dll
3 File(s) 60,697 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1036
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,400 eula.rtf
10/05/2011 07:52 PM 45,408 LocalizedData.xml
10/05/2011 07:58 PM 18,264 SetupResources.dll
3 File(s) 65,072 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1040
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,412 eula.rtf
10/05/2011 07:52 PM 44,002 LocalizedData.xml
10/05/2011 07:58 PM 17,752 SetupResources.dll
3 File(s) 63,166 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1041
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 3,055 eula.rtf
10/05/2011 07:52 PM 37,370 LocalizedData.xml
10/05/2011 07:58 PM 15,192 SetupResources.dll
3 File(s) 55,617 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1042
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 3,745 eula.rtf
10/05/2011 07:52 PM 36,196 LocalizedData.xml
10/05/2011 07:58 PM 14,680 SetupResources.dll
3 File(s) 54,621 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\1049
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 3,406 eula.rtf
10/05/2011 07:52 PM 44,216 LocalizedData.xml
10/05/2011 07:58 PM 17,752 SetupResources.dll
3 File(s) 65,374 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\2052
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 2,129 eula.rtf
10/05/2011 07:52 PM 34,042 LocalizedData.xml
10/05/2011 07:58 PM 13,656 SetupResources.dll
3 File(s) 49,827 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\3082
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,387 eula.rtf
10/05/2011 07:52 PM 44,416 LocalizedData.xml
10/05/2011 07:58 PM 18,264 SetupResources.dll
3 File(s) 64,067 bytes
Directory of C:\77ba3578eae882541ae9ccfab7fedf94\Graphics
01/13/2012 03:01 AM <DIR> .
01/13/2012 03:01 AM <DIR> ..
10/05/2011 07:52 PM 1,150 Print.ico
10/05/2011 07:52 PM 894 Rotate1.ico
10/05/2011 07:52 PM 894 Rotate2.ico
10/05/2011 07:52 PM 894 Rotate3.ico
10/05/2011 07:52 PM 894 Rotate4.ico
10/05/2011 07:52 PM 894 Rotate5.ico
10/05/2011 07:52 PM 894 Rotate6.ico
10/05/2011 07:52 PM 894 Rotate7.ico
10/05/2011 07:52 PM 894 Rotate8.ico
10/05/2011 07:52 PM 1,150 Save.ico
10/05/2011 07:52 PM 36,710 Setup.ico
10/05/2011 07:52 PM 10,134 stop.ico
10/05/2011 07:52 PM 1,150 SysReqMet.ico
10/05/2011 07:52 PM 1,150 SysReqNotMet.ico
10/05/2011 07:52 PM 10,134 warn.ico
15 File(s) 68,730 bytes
Total Files Listed:
58 File(s) 20,476,251 bytes
35 Dir(s) 26,368,233,472 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\bee274198a1f6abdad9fc1b49728e8" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\bee274198a1f6abdad9fc1b49728e8
01/11/2012 03:07 AM <DIR> .
01/11/2012 03:07 AM <DIR> ..
01/11/2012 03:07 AM <DIR> 1025
01/11/2012 03:07 AM <DIR> 1028
01/11/2012 03:07 AM <DIR> 1029
01/11/2012 03:07 AM <DIR> 1030
01/11/2012 03:06 AM <DIR> 1031
01/11/2012 03:06 AM <DIR> 1032
01/11/2012 03:06 AM <DIR> 1033
01/11/2012 03:06 AM <DIR> 1035
01/11/2012 03:06 AM <DIR> 1036
01/11/2012 03:06 AM <DIR> 1037
01/11/2012 03:06 AM <DIR> 1038
01/11/2012 03:06 AM <DIR> 1040
01/11/2012 03:06 AM <DIR> 1041
01/11/2012 03:06 AM <DIR> 1042
01/11/2012 03:06 AM <DIR> 1043
01/11/2012 03:06 AM <DIR> 1044
01/11/2012 03:06 AM <DIR> 1045
01/11/2012 03:06 AM <DIR> 1046
01/11/2012 03:06 AM <DIR> 1049
01/11/2012 03:06 AM <DIR> 1053
01/11/2012 03:06 AM <DIR> 1055
01/11/2012 03:06 AM <DIR> 2052
01/11/2012 03:06 AM <DIR> 2070
01/11/2012 03:06 AM <DIR> 3076
01/11/2012 03:06 AM <DIR> 3082
12/26/2011 03:38 AM 16,118 DHtmlHeader.html
01/11/2012 03:06 AM <DIR> Graphics
1 File(s) 16,118 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1025
01/11/2012 03:07 AM <DIR> .
01/11/2012 03:07 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1028
01/11/2012 03:07 AM <DIR> .
01/11/2012 03:07 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1029
01/11/2012 03:07 AM <DIR> .
01/11/2012 03:07 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1030
01/11/2012 03:07 AM <DIR> .
01/11/2012 03:07 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1031
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1032
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1033
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1035
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1036
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1037
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1038
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1040
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1041
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1042
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1043
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1044
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1045
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1046
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1049
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1053
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\1055
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\2052
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\2070
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\3076
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\3082
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\bee274198a1f6abdad9fc1b49728e8\Graphics
01/11/2012 03:06 AM <DIR> .
01/11/2012 03:06 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
1 File(s) 16,118 bytes
80 Dir(s) 26,368,233,472 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Local\EapmapUI" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Local\EapmapUI
01/08/2012 03:12 AM <DIR> .
01/08/2012 03:12 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 26,368,241,664 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Local\SCE" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Local\SCE
12/08/2011 03:18 PM <DIR> .
12/08/2011 03:18 PM <DIR> ..
12/08/2011 03:18 PM <DIR> CrashReport
0 File(s) 0 bytes
Directory of C:\Users\Mafu\AppData\Local\SCE\CrashReport
12/08/2011 03:18 PM <DIR> .
12/08/2011 03:18 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
5 Dir(s) 26,368,241,664 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< takeown /f "C:\Windows\SysNative\drivers\etc\hosts" /c >
SUCCESS: The file (or folder): "C:\Windows\SysNative\drivers\etc\hosts" now owned by user "Aeon\Mafu".
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< del /f /q "C:\Windows\SysNative\drivers\etc\hosts" /c >
C:\Windows\SysNative\drivers\etc\hosts
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mafu
->Temp folder emptied: 185900229 bytes
->Temporary Internet Files folder emptied: 110837927 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 846868862 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 13761 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12343346 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,102.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mafu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mafu
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02152012_192315

Files\Folders moved on Reboot...
C:\Users\Mafu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



----------------------------------------

OTL Scan Log:
OTL logfile created on: 2/15/2012 7:29:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.38% Memory free
7.99 Gb Paging File | 6.33 Gb Available in Paging File | 79.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 25.74 Gb Free Space | 11.06% Space Free | Partition Type: NTFS

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TrustedInstaller - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrustedInstaller - Service
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\BlackBox.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: ATITOOL64.SYS >
[2006/11/10 05:08:58 | 000,030,720 | ---- | M] () MD5=B07E6681D303A612680223C729B021E2 -- C:\_OTL\MovedFiles\02152012_192315\C_Windows\SysNative\drivers\ATITool64.sys
[2006/11/10 05:08:58 | 000,030,720 | ---- | M] () MD5=B07E6681D303A612680223C729B021E2 -- C:\Windows\SysNative\DriverStore\FileRepository\atitool.inf_amd64_neutral_3e32db7ddd3d33ce\ATITool64.sys

< MD5 for: EXPLORER.EXE >
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/08/29 09:02:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/08/29 09:02:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/29 09:00:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/08/29 09:02:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/08/29 09:02:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/08/29 09:02:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/29 09:00:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/08/29 09:02:32 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/29 09:00:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/08/29 09:02:32 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/29 09:00:15 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 05:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 17:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/13 17:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 17:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 17:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 17:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 17:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/08/29 09:02:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/08/29 09:02:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/08/29 09:02:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/08/29 09:02:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /HideShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /ShowShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\Program Files (x86)\SeaMonkey\seamonkey.exe [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -preferences [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/01/29 07:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/01/29 07:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -PREFERENCES [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -SAFE-MODE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

Edited by Matt Smith, 15 February 2012 - 09:40 PM.

  • 0

#134
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Can you confirm whether or not your ATI Programs are working properly? If not, which one isn't working properly?

Kindest Regards,
ST.
  • 0

#135
Matt Smith

    Member

  • Topic Starter
  • Member
  • 85 posts

> Hi!
>
> Can you confirm whether or not your ATI Programs are working properly? If not, which one isn't working properly?
>
> Kindest Regards,
> ST.


I do not see any problems in any of my ATI programs. I believe the ATItool that was deleted was an application to overclock my graphics card. Nothing else.
  • 0





