system check virus - help please



#16
bike vault

bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

I'll get all this done tomorrow and report back.

I think VIPRE has its own firewall and disables MS Defender as a result.

Have a good evening.

Cheers,
Simon
  • 0



#17
bike vault

bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

Java and Reader removed and updated.

OTL run - log:

========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 01202012_090831

aswMBR run - log:
FIX WAS NOT ENABLED



aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 09:10:27
-----------------------------
09:10:27.390 OS Version: Windows 6.0.6002 Service Pack 2
09:10:27.390 Number of processors: 2 586 0xF0D
09:10:27.390 ComputerName: YK1M007380 UserName: harrisons
09:11:03.177 Initialize success
09:11:33.973 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:11:33.973 Disk 0 Vendor: ST3160815AS 3.AAA Size: 152627MB BusType: 3
09:11:34.005 Disk 0 MBR read successfully
09:11:34.020 Disk 0 MBR scan
09:11:34.020 Disk 0 Windows VISTA default MBR code
09:11:34.083 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 2049 MB offset 12678
09:11:34.114 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 150566 MB offset 4219027
09:11:34.114 Disk 0 scanning sectors +312579760
09:11:34.239 Disk 0 scanning C:\Windows\system32\drivers
09:11:49.729 Service scanning
09:11:52.116 Modules scanning
09:12:08.714 Scan finished successfully
09:12:38.863 Disk 0 MBR has been saved successfully to "C:\Users\harrisons\Desktop\malware logs\MBR.dat"
09:12:38.863 The log file has been saved successfully to "C:\Users\harrisons\Desktop\malware logs\aswMBR.txt"


TDSSKiller run - 3 non relevant threats skipped - no log produced?

SFC running will post up rest shortly..
  • 0

#18
bike vault

bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
As ever thanks for your help..

SFC - completed - you didn't request the log.

VEW sys log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/01/2012 09:40:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/01/2012 09:05:38
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/01/2012 09:05:38
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 20/01/2012 08:57:57
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/01/2012 08:57:57
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 20/01/2012 08:57:56
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 19/01/2012 17:44:21
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The MSCamSvc service hung on starting.

Log: 'System' Date/Time: 19/01/2012 16:00:24
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 19/01/2012 16:00:03
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The MSCamSvc service hung on starting.

Log: 'System' Date/Time: 19/01/2012 15:10:44
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 19/01/2012 15:10:39
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The MSCamSvc service hung on starting.

Log: 'System' Date/Time: 19/01/2012 14:43:03
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SBRE

Log: 'System' Date/Time: 19/01/2012 14:42:34
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The MSCamSvc service hung on starting.

Log: 'System' Date/Time: 19/01/2012 14:39:37
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 19/01/2012 14:27:50
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 19/01/2012 14:11:13
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/01/2012 08:46:23
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 20/01/2012 08:46:23
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 15:09:28
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 15:09:28
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 15:07:28
Type: Warning Category: 0
Event: 5703 Source: NETLOGON
The Netlogon service could not read a mailslot message from The system cannot find the path specified. due to the following error: 03000000

Log: 'System' Date/Time: 19/01/2012 12:59:48
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 12:59:48
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 12:25:12
Type: Warning Category: 2
Event: 16 Source: Microsoft-Windows-WindowsUpdateClient
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Log: 'System' Date/Time: 19/01/2012 08:49:04
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 19/01/2012 08:49:04
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 18/01/2012 13:04:27
Type: Warning Category: 0
Event: 5703 Source: NETLOGON
The Netlogon service could not read a mailslot message from The system cannot find the path specified. due to the following error: 03000000

Log: 'System' Date/Time: 18/01/2012 08:48:27
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 18/01/2012 08:48:27
Type: Warning Category: 0
Event: 1091 Source: Microsoft-Windows-GroupPolicy
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension <Group Policy Drive Maps>. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Log: 'System' Date/Time: 17/01/2012 18:01:15
Type: Warning Category: 0
Event: 5703 Source: NETLOGON
The Netlogon service could not read a mailslot message from The system cannot find the path specified. due to the following error: 03000000

Log: 'System' Date/Time: 17/01/2012 15:57:49
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

Log: 'System' Date/Time: 17/01/2012 15:57:47
Type: Warning Category: 0
Event: 131 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of DNS resolution error on 'SERVER6'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9).

Log: 'System' Date/Time: 17/01/2012 15:57:43
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019991B9328. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/01/2012 15:19:14
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package Microsoft-Windows-PowerShell-Package-Package-zh-HK-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 17/01/2012 15:19:13
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package Microsoft-Windows-PowerShell-Package-Package-uk-UA-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 17/01/2012 15:19:13
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package Microsoft-Windows-PowerShell-Package-Package-tr-TR-MiniLP(Feature Pack) is not applicable for this system

VEW app log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/01/2012 09:41:50

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/01/2012 17:09:47
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6\NC> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:47
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6\NC> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:46
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:46
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:45
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:45
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:45
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 17:09:45
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 16:07:54
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 19/01/2012 12:57:11
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19, faulting module swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19, exception code 0xc0000005, fault offset 0x00004b2a, process id 0x1b88, application start time 0x01ccd6a8f5c38efb.

Log: 'Application' Date/Time: 19/01/2012 12:42:05
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 19/01/2012 12:02:36
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6\NC> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:36
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6\NC> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:36
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:36
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES\SERVER6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:35
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:35
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V\FILES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:34
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 19/01/2012 12:02:34
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HARRISONS\APPDATA\LOCAL\ISOLATEDSTORAGE\RJJJ5Z0F.OC1\KKT2PIVZ.N44\URL.XAWZOMHY4VT5PDNFE4OB3FUZUL31FGU3\STRONGNAME.UTALJDRFTNAZSV2ZWRYUYLVPYMUJDX5V> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 18/01/2012 13:03:55
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application OUTLOOK.EXE, version 12.0.6607.1000, time stamp 0x4e398dcd, faulting module pstprx32.dll, version 12.0.6606.1000, time stamp 0x4e267284, exception code 0xc0000005, fault offset 0x0000bbb5, process id 0xd7c, application start time 0x01ccd5be71b18f0a.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/01/2012 08:46:23
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 20/01/2012 08:46:22
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 19/01/2012 15:57:04
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-411461532-1346242652-1691616715-1031:
Process 1460 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1460 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 19/01/2012 15:09:28
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 19/01/2012 15:09:27
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 19/01/2012 12:59:48
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 19/01/2012 12:59:47
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 19/01/2012 12:57:53
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-411461532-1346242652-1691616715-1031:
Process 1480 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1480 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 19/01/2012 08:49:04
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 19/01/2012 08:49:03
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 18/01/2012 08:48:45
Type: Warning Category: 3
Event: 3061 Source: Microsoft-Windows-Search
The gatherer log cannot be created.

Context: Windows Application, SystemIndex Catalog

Details:
Access is denied. (0x80070005)


Log: 'Application' Date/Time: 18/01/2012 08:48:27
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 18/01/2012 08:48:26
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 17/01/2012 18:01:11
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-411461532-1346242652-1691616715-1031:
Process 1428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1428 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 17/01/2012 17:58:54
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 4 time(s) since 17:33:22. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 17/01/2012 15:55:34
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-411461532-1346242652-1691616715-1031:
Process 1288 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Process 6128 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 17/01/2012 14:59:16
Type: Warning Category: 2
Event: 4099 Source: Group Policy Drive Maps
The client-side extension could not log RSoP data because it failed with error code '0x8004401e <unknown-message-text>'.

Log: 'Application' Date/Time: 17/01/2012 14:59:12
Type: Warning Category: 2
Event: 4098 Source: Group Policy Drive Maps
The user 'F:' preference item in the 'Login Policy {86671E5E-71FB-4189-90DB-60B214C8CEF0}' Group Policy object did not apply because it failed with error code '0x80070055 The local device name is already in use.' This error was suppressed.

Log: 'Application' Date/Time: 17/01/2012 14:56:29
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-411461532-1346242652-1691616715-1031:
Process 1352 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Process 1544 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1544 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-411461532-1346242652-1691616715-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 17/01/2012 14:22:46
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{s-1-5-21-411461532-1346242652-1691616715-1031}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (0x80040d0d)
  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Lot of errors.

The Windows Search service failed to start

I think we can start by turning off Windows Search. It's not something you really need and it seems to be having troubles so:

Right Click on (My) Computer and select Manage (Continue) then Services and Applications then Services. Find Windows Services and right click and select Properties. Stop the service. Then change the Startup Type: to Disabled. Apply.

The MSCamSvc service hung on starting.


Let's remove it. It will probably be reinstalled correctly on the next boot.
Right Click on (My) Computer and select Manage (Continue) then Device Manager.
In Device Manager, locate the Microsoft Cam device. Right click on it and click on uninstall.

The following boot-start or system-start driver(s) failed to load: SBRE

This is related to Sunbelt Enterprise Agent so I would just uninstall it. Reinstall it later if it is something you really need. Make sure it is 64 bit qualified and it may want to be installed by right clicking and Run As Admin.


The PEVSystemStart service is marked as an interactive service.
This is a part of Combofix. It will be removed when we uninstall Combofix so nothing to worry about.


Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension

Group Policy is applied by a corporate IT and is nothing we need to worry about unless this is a simple home PC.



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#20
bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

Again I can't do this until Monday now - work PC. I can tell you though that Sunbelt is VIPRE.


Ron, can I ask a favour please..

I had (am still having) some problems with my home PC with a message at every boot of TaskTrayApplication has stopped working along with IE crashes from time to time.

I did post up under the OS forum but it never really got resolved despite the best efforts of your colleagues.

The guys I dealt with used all sorts of OS routines to resolve it but never went down the malware route.

Would you be kind enough to either take a look at the post or recommend some routines I could run here that would examine my PC for malware?

This was the post:

http://www.geekstogo...36#entry2086536

Thank you as ever..

Cheers,
Simon
  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Be glad to. The hardware guys are not allowed to run malware scans even tho they could get some good info. The forum admins are afraid that if people see them there they will start posting in the wrong forum or something.

I assume you have Vista or Win 7 based on what I saw on the other thread.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Appears from your old thread that SFC is not running to completion. Let's see if we can fix that:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




attach the file \windows\logs\cbs\junk.txt to your next reply.



Multiple posts are fine. There may be too much for one post anyway.
  • 0
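The `findstr /c:"[SR]"` step in the post above leaves only the System File Checker entries of cbs.log in junk.txt. The following is an added example, not part of the original post, that summarizes such a file: which files SFC repaired, which it could not repair, and whether the last verification batch was left open. The sample lines are constructed and modelled on typical `[SR]` entries; the function name `summarize_sr` and the "interrupted" heuristic are assumptions of this example.

```python
import re

# Constructed sample of junk.txt (output of: findstr /c:"[SR]" cbs.log).
# Component names, versions and file names are illustrative only.
SAMPLE_JUNK_TXT = r'''
2012-01-21 22:01:10, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2012-01-21 22:01:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-01-21 22:01:14, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-21 22:01:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-21 22:01:16, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2012-01-21 22:01:18, Info                  CSI    0000000e [SR] Verify complete
2012-01-21 22:01:18, Info                  CSI    0000000f [SR] Verifying 100 (0x00000064) components
2012-01-21 22:01:18, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
'''

# timestamp, level, the CSI tag, an 8-digit hex sequence number, then the [SR] message
SR_LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+CSI\s+([0-9a-fA-F]{8}) \[SR\] (.*)$')
VERIFYING = re.compile(r'^Verifying (\d+) ')
CANNOT_REPAIR = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')
REPAIRING = re.compile(r'^Repairing corrupted file .*"([^"]+)" from store$')


def summarize_sr(text):
    """Summarize the [SR] lines of a CBS.log extract."""
    summary = {
        "batches_started": 0,
        "batches_completed": 0,
        "components_verified": 0,
        "repaired": [],        # file names restored from the component store
        "unrepairable": {},    # file name -> (component, reason)
        "unparsed": 0,         # lines that do not look like [SR] entries
    }
    pending = 0  # component count of the batch that is currently open
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = SR_LINE.match(line)
        if not entry:
            summary["unparsed"] += 1
            continue
        msg = entry.group(4)

        batch = VERIFYING.match(msg)
        if batch:
            summary["batches_started"] += 1
            pending = int(batch.group(1))
            continue
        if msg == "Verify complete":
            summary["batches_completed"] += 1
            summary["components_verified"] += pending
            pending = 0
            continue

        failed = CANNOT_REPAIR.match(msg)
        if failed:
            # SFC usually logs the same failure more than once; keep the first.
            reason = msg.rsplit(", ", 1)[-1]
            summary["unrepairable"].setdefault(
                failed.group(1), (failed.group(2), reason))
            continue

        fixed = REPAIRING.match(msg)
        if fixed and fixed.group(1) not in summary["repaired"]:
            summary["repaired"].append(fixed.group(1))

    # Heuristic (assumption): a batch that was opened but never reported
    # "Verify complete" means the scan stopped part-way through.
    summary["scan_interrupted"] = (
        summary["batches_started"] > summary["batches_completed"])
    return summary


if __name__ == "__main__":
    result = summarize_sr(SAMPLE_JUNK_TXT)
    print("components verified:", result["components_verified"])
    print("scan interrupted:   ", result["scan_interrupted"])
    for name in result["repaired"]:
        print("repaired:           ", name)
    for name, (component, reason) in result["unrepairable"].items():
        print("cannot repair:      ", name, "|", component, "|", reason)
```

To use it on a real extract, read `\windows\logs\cbs\junk.txt` into a string and pass it to `summarize_sr`.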

#22
bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

I'm not sure ComboFix ran..

I use Bitdefender Internet Security 2011 and followed the instructions although they didn't quite agree with what I saw on screen.

I went to the AV tab and then the shield tab and turned off real time protection (set for an hour).

CF ran a dialogue and then there was plenty of hard disk activity; I left it alone and came back after an hour and all seemed peaceful.

I can't find combofix.txt so I'm not sure if it ran or not?

Properties of CF include a section on the general tab saying it might be blocked as it came from another PC. Also the CF icon has a Microsoft like shield on it which my work PC did not.

Do you want me to try this again (obviously your instructions said don't re run so I haven't!)?

Cheers,

Simon
  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Go back into Properties and Unblock CF. CF may be saving the log in C:\Combofix\Combofix.txt but if not reboot then try it again. If it still doesn't seem to work then go on to the next step.
  • 0

#24
bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

Okay I got BitDef turned off okay, unblocked CF and ran as admin.

Dialogue ran and plenty of hard disk activity - still no log though.

TDSSKiller ran fine

log..
21:38:04.0855 3316 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:38:05.0074 3316 ============================================================
21:38:05.0074 3316 Current date / time: 2012/01/21 21:38:05.0074
21:38:05.0074 3316 SystemInfo:
21:38:05.0074 3316
21:38:05.0074 3316 OS Version: 6.0.6002 ServicePack: 2.0
21:38:05.0074 3316 Product type: Workstation
21:38:05.0074 3316 ComputerName: HARRISONS-NEW
21:38:05.0074 3316 UserName: harrisons-PC-new
21:38:05.0074 3316 Windows directory: C:\Windows
21:38:05.0074 3316 System windows directory: C:\Windows
21:38:05.0074 3316 Processor architecture: Intel x86
21:38:05.0074 3316 Number of processors: 4
21:38:05.0074 3316 Page size: 0x1000
21:38:05.0074 3316 Boot type: Normal boot
21:38:05.0074 3316 ============================================================
21:38:06.0088 3316 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:38:06.0181 3316 Initialize success
21:38:29.0909 5388 ============================================================
21:38:29.0909 5388 Scan started
21:38:29.0909 5388 Mode: Manual;
21:38:29.0909 5388 ============================================================
21:38:36.0617 5388 RDPWD - ok
21:38:36.0648 5388 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:38:36.0648 5388 rspndr - ok
21:38:36.0679 5388 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:38:36.0679 5388 sbp2port - ok
21:38:36.0726 5388 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:38:36.0726 5388 secdrv - ok
21:38:36.0773 5388 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:38:36.0789 5388 Serenum - ok
21:38:36.0804 5388 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:38:36.0820 5388 Serial - ok
21:38:36.0835 5388 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:38:36.0835 5388 sermouse - ok
21:38:36.0867 5388 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:38:36.0867 5388 sffdisk - ok
21:38:36.0882 5388 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:38:36.0882 5388 sffp_mmc - ok
21:38:36.0898 5388 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:38:36.0898 5388 sffp_sd - ok
21:38:36.0929 5388 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:38:36.0929 5388 sfloppy - ok
21:38:36.0945 5388 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:38:36.0945 5388 sisagp - ok
21:38:36.0976 5388 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:38:36.0976 5388 SiSRaid2 - ok
21:38:36.0991 5388 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:38:36.0991 5388 SiSRaid4 - ok
21:38:37.0038 5388 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:38:37.0038 5388 Smb - ok
21:38:37.0085 5388 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:38:37.0085 5388 spldr - ok
21:38:37.0116 5388 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:38:37.0116 5388 srv - ok
21:38:37.0147 5388 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:38:37.0163 5388 srv2 - ok
21:38:37.0163 5388 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:38:37.0179 5388 srvnet - ok
21:38:37.0194 5388 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:38:37.0194 5388 swenum - ok
21:38:37.0225 5388 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:38:37.0225 5388 Symc8xx - ok
21:38:37.0257 5388 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:38:37.0257 5388 Sym_hi - ok
21:38:37.0272 5388 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:38:37.0272 5388 Sym_u3 - ok
21:38:37.0335 5388 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:38:37.0350 5388 Tcpip - ok
21:38:37.0366 5388 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:38:37.0366 5388 Tcpip6 - ok
21:38:37.0397 5388 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:38:37.0397 5388 tcpipreg - ok
21:38:37.0428 5388 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:38:37.0428 5388 TDPIPE - ok
21:38:37.0444 5388 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:38:37.0444 5388 TDTCP - ok
21:38:37.0475 5388 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:38:37.0475 5388 tdx - ok
21:38:37.0506 5388 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:38:37.0506 5388 TermDD - ok
21:38:37.0569 5388 Trufos (a919775c03303d0e0690b315d26a5e1d) C:\Windows\system32\DRIVERS\Trufos.sys
21:38:37.0569 5388 Trufos - ok
21:38:37.0600 5388 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:38:37.0600 5388 tssecsrv - ok
21:38:37.0631 5388 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:38:37.0631 5388 tunmp - ok
21:38:37.0647 5388 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:38:37.0647 5388 tunnel - ok
21:38:37.0662 5388 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:38:37.0662 5388 uagp35 - ok
21:38:37.0693 5388 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:38:37.0693 5388 udfs - ok
21:38:37.0740 5388 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:38:37.0740 5388 uliagpkx - ok
21:38:37.0771 5388 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:38:37.0771 5388 uliahci - ok
21:38:37.0787 5388 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:38:37.0787 5388 UlSata - ok
21:38:37.0818 5388 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:38:37.0818 5388 ulsata2 - ok
21:38:37.0849 5388 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:38:37.0849 5388 umbus - ok
21:38:37.0896 5388 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:38:37.0912 5388 USBAAPL - ok
21:38:37.0943 5388 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:38:37.0943 5388 usbccgp - ok
21:38:37.0959 5388 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:38:37.0974 5388 usbcir - ok
21:38:38.0021 5388 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:38:38.0021 5388 usbehci - ok
21:38:38.0037 5388 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:38:38.0037 5388 usbhub - ok
21:38:38.0052 5388 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:38:38.0052 5388 usbohci - ok
21:38:38.0083 5388 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:38:38.0083 5388 usbprint - ok
21:38:38.0115 5388 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:38:38.0115 5388 usbscan - ok
21:38:38.0146 5388 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:38:38.0146 5388 USBSTOR - ok
21:38:38.0177 5388 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:38:38.0177 5388 usbuhci - ok
21:38:38.0208 5388 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:38:38.0208 5388 vga - ok
21:38:38.0224 5388 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:38:38.0224 5388 VgaSave - ok
21:38:38.0239 5388 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:38:38.0239 5388 viaagp - ok
21:38:38.0255 5388 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:38:38.0255 5388 ViaC7 - ok
21:38:38.0271 5388 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:38:38.0271 5388 viaide - ok
21:38:38.0302 5388 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:38:38.0302 5388 volmgr - ok
21:38:38.0317 5388 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:38:38.0333 5388 volmgrx - ok
21:38:38.0333 5388 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:38:38.0349 5388 volsnap - ok
21:38:38.0364 5388 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:38:38.0380 5388 vsmraid - ok
21:38:38.0411 5388 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:38:38.0411 5388 WacomPen - ok
21:38:38.0427 5388 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:38.0442 5388 Wanarp - ok
21:38:38.0442 5388 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:38.0442 5388 Wanarpv6 - ok
21:38:38.0458 5388 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:38:38.0458 5388 Wd - ok
21:38:38.0489 5388 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:38:38.0505 5388 Wdf01000 - ok
21:38:38.0583 5388 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:38:38.0583 5388 WmiAcpi - ok
21:38:38.0629 5388 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:38:38.0629 5388 WpdUsb - ok
21:38:38.0661 5388 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:38:38.0661 5388 ws2ifsl - ok
21:38:38.0723 5388 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:38:38.0739 5388 WUDFRd - ok
21:38:38.0754 5388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:38:38.0832 5388 \Device\Harddisk0\DR0 - ok
21:38:38.0832 5388 Boot (0x1200) (b065f26b0ae089a9854d01e407bf7c7f) \Device\Harddisk0\DR0\Partition0
21:38:38.0832 5388 \Device\Harddisk0\DR0\Partition0 - ok
21:38:38.0863 5388 Boot (0x1200) (22b33b718db46057e9a848b13ae30356) \Device\Harddisk0\DR0\Partition1
21:38:38.0863 5388 \Device\Harddisk0\DR0\Partition1 - ok
21:38:38.0863 5388 ============================================================
21:38:38.0863 5388 Scan finished
21:38:38.0863 5388 ============================================================
21:38:38.0879 5100 Detected object count: 0
21:38:38.0879 5100 Actual detected object count: 0
21:38:55.0821 2808 ============================================================
21:38:55.0821 2808 Scan started
21:38:55.0821 2808 Mode: Manual; SigCheck; TDLFS;
21:38:55.0821 2808 ============================================================
21:39:04.0931 2808 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
21:39:04.0962 2808 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
21:39:04.0962 2808 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
21:39:12.0201 2808 RasAcd - ok
21:39:12.0216 2808 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:12.0263 2808 Rasl2tp - ok
21:39:12.0294 2808 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:12.0341 2808 RasPppoe - ok
21:39:12.0372 2808 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:12.0388 2808 RasSstp - ok
21:39:12.0419 2808 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:12.0481 2808 rdbss - ok
21:39:12.0481 2808 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:12.0528 2808 RDPCDD - ok
21:39:12.0559 2808 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:39:12.0591 2808 rdpdr - ok
21:39:12.0606 2808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:39:12.0653 2808 RDPENCDD - ok
21:39:12.0669 2808 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:39:12.0700 2808 RDPWD - ok
21:39:12.0747 2808 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:12.0793 2808 rspndr - ok
21:39:12.0825 2808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:39:12.0840 2808 sbp2port - ok
21:39:12.0887 2808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:39:12.0949 2808 secdrv - ok
21:39:12.0981 2808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:39:13.0043 2808 Serenum - ok
21:39:13.0074 2808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:39:13.0121 2808 Serial - ok
21:39:13.0137 2808 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:39:13.0183 2808 sermouse - ok
21:39:13.0215 2808 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:39:13.0277 2808 sffdisk - ok
21:39:13.0293 2808 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:39:13.0324 2808 sffp_mmc - ok
21:39:13.0339 2808 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:39:13.0386 2808 sffp_sd - ok
21:39:13.0417 2808 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:39:13.0480 2808 sfloppy - ok
21:39:13.0511 2808 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:39:13.0527 2808 sisagp - ok
21:39:13.0558 2808 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:39:13.0573 2808 SiSRaid2 - ok
21:39:13.0589 2808 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:39:13.0620 2808 SiSRaid4 - ok
21:39:13.0651 2808 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:39:13.0683 2808 Smb - ok
21:39:13.0714 2808 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:39:13.0729 2808 spldr - ok
21:39:13.0776 2808 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:39:13.0807 2808 srv - ok
21:39:13.0839 2808 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:39:13.0885 2808 srv2 - ok
21:39:13.0901 2808 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:13.0948 2808 srvnet - ok
21:39:13.0995 2808 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:39:14.0010 2808 swenum - ok
21:39:14.0026 2808 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:39:14.0041 2808 Symc8xx - ok
21:39:14.0057 2808 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:39:14.0088 2808 Sym_hi - ok
21:39:14.0104 2808 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:39:14.0119 2808 Sym_u3 - ok
21:39:14.0166 2808 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:39:14.0213 2808 Tcpip - ok
21:39:14.0244 2808 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:14.0275 2808 Tcpip6 - ok
21:39:14.0307 2808 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:39:14.0338 2808 tcpipreg - ok
21:39:14.0353 2808 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:39:14.0400 2808 TDPIPE - ok
21:39:14.0431 2808 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:39:14.0463 2808 TDTCP - ok
21:39:14.0494 2808 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:39:14.0525 2808 tdx - ok
21:39:14.0556 2808 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:39:14.0587 2808 TermDD - ok
21:39:14.0634 2808 Trufos (a919775c03303d0e0690b315d26a5e1d) C:\Windows\system32\DRIVERS\Trufos.sys
21:39:14.0650 2808 Trufos ( UnsignedFile.Multi.Generic ) - warning
21:39:14.0650 2808 Trufos - detected UnsignedFile.Multi.Generic (1)
21:39:17.0130 2808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:39:17.0317 2808 \Device\Harddisk0\DR0 - ok
21:39:17.0317 2808 Boot (0x1200) (b065f26b0ae089a9854d01e407bf7c7f) \Device\Harddisk0\DR0\Partition0
21:39:17.0317 2808 \Device\Harddisk0\DR0\Partition0 - ok
21:39:17.0349 2808 Boot (0x1200) (22b33b718db46057e9a848b13ae30356) \Device\Harddisk0\DR0\Partition1
21:39:17.0349 2808 \Device\Harddisk0\DR0\Partition1 - ok
21:39:17.0349 2808 ============================================================
21:39:17.0349 2808 Scan finished
21:39:17.0349 2808 ============================================================
21:39:17.0364 5784 Detected object count: 2
21:39:17.0364 5784 Actual detected object count: 2
21:39:29.0485 5784 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:29.0485 5784 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:29.0485 5784 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:29.0485 5784 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:31.0935 5984 Deinitialize success


Ran aswMBR no problems - FIX not highlighted at the end.

Log..

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 21:40:07
-----------------------------
21:40:07.657 OS Version: Windows 6.0.6002 Service Pack 2
21:40:07.657 Number of processors: 4 586 0x170A
21:40:07.657 ComputerName: HARRISONS-NEW UserName:
21:40:09.249 Initialize success
21:40:29.162 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:40:29.162 Disk 0 Vendor: WDC_WD6400AAKS-07A7B2 01.03B01 Size: 610480MB BusType: 3
21:40:29.178 Disk 0 MBR read successfully
21:40:29.193 Disk 0 MBR scan
21:40:29.193 Disk 0 Windows VISTA default MBR code
21:40:29.193 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 2048
21:40:29.209 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 201827 MB offset 18434048
21:40:29.225 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 399651 MB offset 431775744
21:40:29.256 Disk 0 scanning sectors +1250261680
21:40:29.334 Disk 0 scanning C:\Windows\system32\drivers
21:40:34.185 Service scanning
21:40:36.026 Modules scanning
21:40:40.956 Scan finished successfully
21:41:05.661 Disk 0 MBR has been saved successfully to "C:\Users\harrisons-PC-new\Desktop\malware\MBR.dat"
21:41:05.661 The log file has been saved successfully to "C:\Users\harrisons-PC-new\Desktop\malware\aswMBR.txt"

#25
bike vault

Hi Ron,

Here's the rest. One thing: I now have MBAM in the systray and not BitDef - is this okay?

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
harrisons-PC-new :: HARRISONS-NEW [administrator]

Protection: Enabled

22/01/2012 09:21:41
mbam-log-2012-01-22 (09-21-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230831
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL all run okay..

log..

OTL logfile created on: 21/01/2012 23:03:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons-PC-new\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.65% Memory free
6.71 Gb Paging File | 5.06 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197.10 Gb Total Space | 44.38 Gb Free Space | 22.52% Space Free | Partition Type: NTFS
Drive D: | 390.28 Gb Total Space | 382.89 Gb Free Space | 98.11% Space Free | Partition Type: NTFS

Computer Name: HARRISONS-NEW | User Name: harrisons-PC-new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 23:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 08:13:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/20 08:13:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/21 13:47:14 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/07/19 12:27:28 | 000,708,256 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\seccenter.exe
PRC - [2011/07/10 09:46:26 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/07/10 09:46:23 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011/07/10 09:45:58 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/07/10 09:45:31 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/10 09:46:17 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011/07/10 09:46:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011/07/10 09:45:40 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/20 08:13:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 08:13:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/07/10 09:46:26 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011/07/10 09:45:58 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/30 06:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/05/02 15:45:34 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [On_Demand | Stopped] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 08:13:41 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/15 17:07:16 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/19 08:12:12 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/10 09:46:40 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011/07/10 09:46:12 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/24 14:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/11/29 13:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 13:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/08/20 17:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010/08/20 14:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010/05/13 15:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/01/08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/27 11:55:54 | 000,173,576 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/03 12:58:46 | 000,076,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/01/21 02:23:26 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/21 02:23:23 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/21 02:23:23 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/21 02:23:23 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2008/01/21 02:23:22 | 000,064,512 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/21 02:23:22 | 000,061,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/21 02:23:22 | 000,059,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/21 02:23:21 | 000,094,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/21 02:23:20 | 000,105,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/21 02:23:20 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/21 02:23:02 | 000,030,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/21 02:23:01 | 000,248,832 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/21 02:23:01 | 000,109,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/21 02:23:01 | 000,060,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/21 02:23:01 | 000,056,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/21 02:23:01 | 000,056,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/21 02:23:01 | 000,049,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/21 02:23:01 | 000,045,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/21 02:23:00 | 000,044,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/21 02:23:00 | 000,041,472 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/21 02:23:00 | 000,041,472 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/21 02:23:00 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/21 02:23:00 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/21 02:23:00 | 000,028,728 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/21 02:23:00 | 000,020,792 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/21 02:23:00 | 000,017,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/21 02:23:00 | 000,017,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/21 02:23:00 | 000,006,656 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2007/10/12 14:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 09:51:12 | 000,167,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 09:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 08:55:23 | 000,039,936 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 08:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 08:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 08:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 08:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 08:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 08:51:30 | 000,083,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 08:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 08:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 08:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 BD A6 21 05 EA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIC279~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIC279~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/10/12 13:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/10/12 13:03:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20111123062837 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://iris.webex.c...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/01 15:49:16 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f84a3071-5bf9-11df-ae4a-002421b3ce9b}\Shell\AutoRun\command - "" = K:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{f84a3071-5bf9-11df-ae4a-002421b3ce9b}\Shell\demo\command - "" = K:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{faa6240e-6ca5-11df-916e-002421b3ce9b}\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 23:01:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
[2012/01/21 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\AppData\Roaming\Malwarebytes
[2012/01/21 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 21:42:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/21 21:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 21:39:42 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\harrisons-PC-new\Desktop\aswMBR.exe
[2012/01/21 21:36:42 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe
[2012/01/21 20:56:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/21 18:32:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 16:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 16:47:25 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/21 16:46:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\harrisons-PC-new\Desktop\ComboFix.exe
[2012/01/21 16:42:43 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\Desktop\malware
[2012/01/11 15:13:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 15:13:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 15:13:01 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 15:12:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 15:12:56 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/02 17:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/01/02 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\AppData\Local\Windows Live
[2012/01/02 17:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/12/24 10:52:39 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\Documents\OneNote Notebooks
[2011/12/24 09:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/24 09:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/24 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office2010
[2011/12/24 09:16:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2009/12/10 11:31:34 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2006/12/12 09:59:08 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\Interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2012/01/21 23:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
[2012/01/21 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 22:26:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 22:26:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 21:42:57 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 21:39:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\harrisons-PC-new\Desktop\aswMBR.exe
[2012/01/21 21:36:42 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe
[2012/01/21 20:56:37 | 000,000,000 | ---- | M] () -- C:\Start_.cmd
[2012/01/21 20:55:18 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\harrisons-PC-new\Desktop\ComboFix.exe
[2012/01/21 18:26:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/21 18:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/21 18:26:25 | 3488,845,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 16:41:38 | 000,002,653 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012/01/21 10:01:48 | 000,002,621 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Swivellers Cribbage.lnk
[2012/01/21 07:55:51 | 000,001,123 | ---- | M] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/21 07:55:38 | 000,002,585 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012/01/20 15:03:08 | 000,002,611 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012/01/14 20:12:38 | 000,620,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/14 20:12:38 | 000,113,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 07:03:12 | 000,000,944 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/03 06:54:05 | 000,407,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/29 18:27:55 | 000,086,345 | ---- | M] () -- C:\Users\harrisons-PC-new\Desktop\Capture.JPG
[2011/12/26 10:57:24 | 004,560,994 | ---- | M] () -- C:\Users\harrisons-PC-new\Desktop\P1000858.JPG
[2011/12/24 23:22:46 | 000,002,621 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk

========== Files Created - No Company Name ==========

[2012/01/21 21:42:57 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 20:56:37 | 000,000,000 | ---- | C] () -- C:\Start_.cmd
[2011/12/31 10:23:28 | 004,560,994 | ---- | C] () -- C:\Users\harrisons-PC-new\Desktop\P1000858.JPG
[2011/12/24 10:52:44 | 000,001,123 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/12/24 09:31:07 | 000,002,653 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/12/24 09:31:01 | 000,002,621 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2011/12/24 09:30:57 | 000,002,585 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2011/12/24 09:30:39 | 000,002,611 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/07/05 06:05:54 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011/03/23 07:21:09 | 000,000,054 | ---- | C] () -- C:\Windows\Payroll.ini
[2011/02/09 15:24:50 | 000,320,000 | ---- | C] () -- C:\Windows\System32\log4cplusU.dll
[2011/01/01 12:13:53 | 000,000,129 | ---- | C] () -- C:\Windows\winhelp.ini
[2011/01/01 12:13:51 | 000,013,007 | ---- | C] () -- C:\Windows\123R5.INI
[2011/01/01 12:13:51 | 000,000,760 | ---- | C] () -- C:\Windows\lotus.ini
[2011/01/01 12:13:51 | 000,000,478 | ---- | C] () -- C:\Windows\LODBF04.INI
[2010/12/21 13:45:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/12/21 13:45:03 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/12/13 08:18:39 | 000,038,446 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft Excel.ADR
[2010/12/11 09:46:33 | 000,591,878 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/27 11:39:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\SageSantander.dll
[2010/09/14 11:35:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SageBankOfAmerica.dll
[2010/08/09 12:56:15 | 000,001,356 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Local\d3d9caps.dat
[2010/07/09 15:14:20 | 000,152,632 | ---- | C] () -- C:\Windows\hppins09.dat.temp
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/07/07 10:48:00 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2010/07/07 10:47:54 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2010/07/07 10:47:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2010/07/07 10:47:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2010/07/07 10:47:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2010/07/07 10:47:42 | 000,258,048 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2010/07/07 10:47:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2010/07/07 10:47:32 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2010/07/07 10:47:26 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2010/07/07 10:47:18 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2010/07/07 10:46:30 | 000,241,664 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2010/07/07 07:05:41 | 000,000,025 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\bdfvconp.ini
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/07/06 18:36:29 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010/07/06 18:36:29 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010/05/05 07:24:03 | 000,064,512 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 15:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/05/02 07:59:27 | 000,040,960 | ---- | C] () -- C:\Windows\System32\RepDes32.exe
[2010/05/02 07:59:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_RegTLB.dll
[2010/05/01 20:51:50 | 000,000,209 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2010/05/01 20:51:23 | 000,000,672 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/05/01 20:49:53 | 000,150,996 | ---- | C] () -- C:\Windows\hppins09.dat
[2010/05/01 20:49:53 | 000,004,144 | ---- | C] () -- C:\Windows\hppmdl09.dat
[2010/05/01 20:49:47 | 000,000,621 | ---- | C] () -- C:\Windows\System32\hppapr09.dat
[2010/05/01 11:13:58 | 000,000,585 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/01 11:13:57 | 000,000,502 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/05/01 07:55:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/01 07:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2010/01/13 09:25:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SgDate.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 09:53:16 | 000,076,688 | ---- | C] () -- C:\Windows\System32\drivers\jraid.sys
[2009/05/23 09:50:07 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/05/23 09:50:06 | 000,308,248 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/05/23 09:49:02 | 000,173,576 | ---- | C] () -- C:\Windows\System32\drivers\ahcix86s.sys
[2009/05/23 09:08:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/15 10:36:50 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI
[2009/05/15 10:36:50 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/10/07 16:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 16:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/21 03:13:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\errdev.sys
[2008/01/21 03:11:16 | 000,045,568 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys
[2008/01/21 03:10:19 | 000,386,616 | ---- | C] () -- C:\Windows\System32\drivers\MegaSR.sys
[2008/01/21 02:23:23 | 000,096,312 | ---- | C] () -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/21 02:23:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\sermouse.sys
[2008/01/21 02:23:00 | 000,017,976 | ---- | C] () -- C:\Windows\System32\drivers\intelide.sys
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/09 15:10:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2007/07/09 15:08:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2007/07/09 15:08:50 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2007/07/09 15:08:46 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SgStat32.dll
[2007/07/09 15:08:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2007/07/09 15:08:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2007/07/09 15:08:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2007/07/09 15:08:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2007/07/09 15:08:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,407,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,620,432 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,113,138 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:38:56 | 000,013,568 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 09:38:00 | 000,011,904 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 09:37:31 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/11/02 09:37:24 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltUp.sys
[2006/11/02 09:36:51 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 09:22:06 | 000,071,808 | ---- | C] () -- C:\Windows\System32\drivers\BrSerId.sys
[2006/11/02 09:03:00 | 000,248,832 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:55:23 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\bthmodem.sys
[2006/11/02 08:55:22 | 000,029,184 | ---- | C] () -- C:\Windows\System32\drivers\hidbth.sys
[2006/11/02 08:55:09 | 000,068,608 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys
[2006/11/02 08:55:08 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\circlass.sys
[2006/11/02 08:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\hidir.sys
[2006/11/02 08:52:52 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys
[2006/11/02 08:52:40 | 000,094,776 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys
[2006/11/02 08:52:38 | 000,105,016 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys
[2006/11/02 08:51:45 | 000,076,392 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys
[2006/11/02 08:51:40 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 08:51:40 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\sffp_mmc.sys
[2006/11/02 08:51:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 08:51:38 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\sffdisk.sys
[2006/11/02 08:51:37 | 000,030,264 | ---- | C] () -- C:\Windows\System32\drivers\i2omp.sys
[2006/11/02 08:51:36 | 000,028,728 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys
[2006/11/02 08:51:36 | 000,020,024 | ---- | C] () -- C:\Windows\System32\drivers\viaide.sys
[2006/11/02 08:51:36 | 000,017,976 | ---- | C] () -- C:\Windows\System32\drivers\amdide.sys
[2006/11/02 08:51:35 | 000,019,000 | ---- | C] () -- C:\Windows\System32\drivers\cmdide.sys
[2006/11/02 08:51:35 | 000,017,464 | ---- | C] () -- C:\Windows\System32\drivers\aliide.sys
[2006/11/02 08:51:30 | 000,083,456 | ---- | C] () -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 08:51:30 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\parport.sys
[2006/11/02 08:51:25 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 08:51:23 | 000,008,704 | ---- | C] () -- C:\Windows\System32\drivers\parvdm.sys
[2006/11/02 08:42:03 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys
[2006/11/02 08:35:13 | 000,167,528 | ---- | C] () -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 08:35:11 | 000,049,720 | ---- | C] () -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 08:35:08 | 000,109,112 | ---- | C] () -- C:\Windows\System32\drivers\NV_AGP.SYS
[2006/11/02 08:35:08 | 000,060,984 | ---- | C] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2006/11/02 08:35:07 | 000,061,496 | ---- | C] () -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2006/11/02 08:35:07 | 000,059,448 | ---- | C] () -- C:\Windows\System32\drivers\UAGP35.SYS
[2006/11/02 08:35:07 | 000,056,888 | ---- | C] () -- C:\Windows\System32\drivers\VIAAGP.SYS
[2006/11/02 08:35:06 | 000,057,400 | ---- | C] () -- C:\Windows\System32\drivers\AMDAGP.SYS
[2006/11/02 08:35:06 | 000,056,376 | ---- | C] () -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 08:35:06 | 000,055,864 | ---- | C] () -- C:\Windows\System32\drivers\SISAGP.SYS
[2006/11/02 08:35:03 | 000,020,792 | ---- | C] () -- C:\Windows\System32\drivers\compbatt.sys
[2006/11/02 08:30:19 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\viac7.sys
[2006/11/02 08:30:18 | 000,044,032 | ---- | C] () -- C:\Windows\System32\drivers\amdk8.sys
[2006/11/02 08:30:18 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\amdk7.sys
[2006/11/02 08:30:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\drivers\processr.sys
[2006/11/02 08:30:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\drivers\crusoe.sys
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:36:50 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\ntrigdigi.sys
[2006/11/02 07:36:49 | 000,071,272 | ---- | C] () -- C:\Windows\System32\drivers\djsvs.sys
[2006/11/02 07:36:48 | 000,238,648 | ---- | C] () -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 07:36:48 | 000,130,616 | ---- | C] () -- C:\Windows\System32\drivers\vsmraid.sys
[2006/11/02 07:36:48 | 000,106,088 | ---- | C] () -- C:\Windows\System32\drivers\ql40xx.sys
[2006/11/02 07:36:48 | 000,074,808 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys
[2006/11/02 07:36:48 | 000,041,016 | ---- | C] () -- C:\Windows\System32\drivers\sisraid2.sys
[2006/11/02 07:36:47 | 001,122,360 | ---- | C] () -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 07:36:47 | 000,096,312 | ---- | C] () -- C:\Windows\System32\drivers\lsi_fc.sys
[2006/11/02 07:36:47 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 07:36:47 | 000,034,920 | ---- | C] () -- C:\Windows\System32\drivers\sym_u3.sys
[2006/11/02 07:36:47 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 07:36:46 | 000,115,816 | ---- | C] () -- C:\Windows\System32\drivers\ulsata2.sys
[2006/11/02 07:36:46 | 000,102,968 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 07:36:46 | 000,098,408 | ---- | C] () -- C:\Windows\System32\drivers\ulsata.sys
[2006/11/02 07:36:46 | 000,089,656 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas.sys
[2006/11/02 07:36:46 | 000,045,112 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 07:36:45 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 07:36:45 | 000,033,384 | ---- | C] () -- C:\Windows\System32\drivers\Mraid35x.sys
[2006/11/02 07:36:45 | 000,031,288 | ---- | C] () -- C:\Windows\System32\drivers\megasas.sys
[2006/11/02 07:36:44 | 000,342,584 | ---- | C] () -- C:\Windows\System32\drivers\elxstor.sys
[2006/11/02 07:36:44 | 000,235,064 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 07:36:44 | 000,079,928 | ---- | C] () -- C:\Windows\System32\drivers\arcsas.sys
[2006/11/02 07:36:44 | 000,079,416 | ---- | C] () -- C:\Windows\System32\drivers\arc.sys
[2006/11/02 07:36:44 | 000,045,160 | ---- | C] () -- C:\Windows\System32\drivers\nfrd960.sys
[2006/11/02 07:36:44 | 000,041,576 | ---- | C] () -- C:\Windows\System32\drivers\iirsp.sys
[2006/11/02 07:36:44 | 000,040,504 | ---- | C] () -- C:\Windows\System32\drivers\HpCISSs.sys
[2006/11/02 07:36:44 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\iteraid.sys
[2006/11/02 07:36:43 | 000,422,968 | ---- | C] () -- C:\Windows\System32\drivers\adp94xx.sys
[2006/11/02 07:36:43 | 000,300,600 | ---- | C] () -- C:\Windows\System32\drivers\adpahci.sys
[2006/11/02 07:36:43 | 000,149,560 | ---- | C] () -- C:\Windows\System32\drivers\adpu320.sys
[2006/11/02 07:36:43 | 000,101,432 | ---- | C] () -- C:\Windows\System32\drivers\adpu160m.sys
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 15:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLch32.dll
[2006/11/01 15:41:16 | 001,724,416 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2006/11/01 14:50:40 | 000,126,976 | R--- | C] () -- C:\Windows\System32\PDFInstall.exe
[2004/08/24 10:29:56 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2004/07/08 07:19:56 | 000,001,187 | ---- | C] () -- C:\Windows\Sageintl.ini
[2004/06/09 09:57:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Install.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[1999/10/25 09:53:58 | 000,000,008 | ---- | C] () -- C:\Windows\Sage.ini
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMailRL.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMail3FL.SYS
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\rlfnlf.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\flfnlf.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\rip-bluray.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\OTL.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\MobileMeSetup.exe:BDU

< End of report >


Extras log..

OTL Extras logfile created on: 21/01/2012 23:03:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons-PC-new\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.65% Memory free
6.71 Gb Paging File | 5.06 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197.10 Gb Total Space | 44.38 Gb Free Space | 22.52% Space Free | Partition Type: NTFS
Drive D: | 390.28 Gb Total Space | 382.89 Gb Free Space | 98.11% Space Free | Partition Type: NTFS

Computer Name: HARRISONS-NEW | User Name: harrisons-PC-new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1413803913-1652693615-406530422-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144FF4B8-334C-4A12-89C8-F94E7B943544}" = lport=139 | protocol=6 | dir=in | app=system |
"{1F2DA32C-5FAB-4957-ADBC-99330DDC90BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5707622F-F1BC-44F1-BEE0-41957DE3C028}" = lport=138 | protocol=17 | dir=in | app=system |
"{661655D9-09E4-482D-9035-876BC11AEB75}" = rport=139 | protocol=6 | dir=out | app=system |
"{71DE0FFB-03F2-4D8C-A460-5E7982EC74F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A5A156C-E04A-4A14-A25A-56602B95B657}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{A5C98308-F718-452C-8AB7-5C5CB480B409}" = lport=445 | protocol=6 | dir=in | app=system |
"{BFC7C6E0-27CF-4107-AA4C-9E9F0C644E9B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E4E19EDB-A014-4688-8AA0-63BA488488AF}" = rport=138 | protocol=17 | dir=out | app=system |
"{E888FD31-3534-4498-94E7-C2DA559747FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E92E6C42-71DD-4AF3-8D20-7BBDA738C931}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{FF60965B-953C-495E-B4D4-B22D44E0E07F}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0157B1BE-CF20-4D16-B1EF-D03E255D4826}" = protocol=17 | dir=in | app=c:\users\harrisons-pc-new\appdata\roaming\dropbox\bin\dropbox.exe |
"{10DEEF54-28D5-4A01-BD33-6788E6B847BD}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{16B56932-DB4C-4B48-8713-0A2E37A72F51}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{2A3ABA56-A675-48F7-9269-BFFAA42DC62A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{4193F19F-90C9-482D-B0E8-E6A9EF09ECD5}" = protocol=6 | dir=in | app=c:\program files\microsoft office2010\office14\onenote.exe |
"{4E3109E5-48E9-4597-A24B-D96D6B4F2F10}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{578C1920-03AF-4F94-80BF-503A9763BAF6}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{683B1FC2-C180-4987-9DA5-07AC326DEA97}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7CA11344-2CEE-4584-BE1A-C1F2FB720ACF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7CBEA2DB-43F5-46F9-927F-66B0114A2BAB}" = protocol=6 | dir=in | app=c:\users\harrisons-pc-new\appdata\roaming\dropbox\bin\dropbox.exe |
"{89615E21-ACBB-4051-BBE2-8BC8EE5C836C}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{96B0BB6F-DFDB-4B03-8CB8-F4D9FCD05037}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B288730E-4E55-477C-A7F8-BEF0AE6AE1FE}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasinst.exe |
"{B9DE1CC9-42BF-4CE5-AD01-A496F1EC0E7D}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{BC2CB100-6E48-4E49-A021-A2047EF506A3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D79D7F6F-BAFF-4E13-A84C-7D291860FB5B}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{FE073EE3-CE39-4021-9546-C658010BC1E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office2010\office14\onenote.exe |
"{FED5CEC4-6FA1-47D5-9052-B5769BCF7D8D}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasinst.exe |
"{FF5D6A69-C0CB-49DB-A062-629117870C2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{15805DAF-22AD-4FCA-9469-78440B266046}" = hpzTLBXFX
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BF84DA0-739B-4377-924E-CFE971C3D1BE}" = Payroll for Windows
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 4.0
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3215CE05-DB3D-4913-B55A-91E91D322C12}" = Payroll for Windows
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E4A5C6E-ADCF-444F-BBA5-4F1F6C4A172A}" = hppPQVideoCP1510
"{3FC29AC3-68C5-4D75-9681-F53D2B393E80}" = DotNet20withMsi30
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Accounts
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4AFB8A11-6B6C-4E75-8784-628994C77FE1}" = Sage 50 Payroll
"{5167F747-709D-4990-A7F9-6F93D106930F}" = HPOARInstall
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59AB7E85-011F-461C-82BA-EFBFE50FFD39}" = Payroll for Windows
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FE92453-1E04-4385-9D3B-D9B3F02F556A}" = Payroll for Windows
"{600CF34A-89F8-4A30-9039-BF5C20C5E84E}" = MP4-based Video Downloader
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B67EB21-2EBB-4492-B3AD-6D96DC01B160}" = hppManualsCP1510
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D7FBFCA-6739-48B0-B39A-E1B2BFB2D85C}" = calibre
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = SageAcc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14D8BD3-ACFC-4846-AFE2-43D4CF80EFA4}" = Payroll for Windows
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2B7B3E9-479A-4973-9864-C4E930118C9F}" = Payroll for Windows
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1510103-0038-4967-8975-E17D2A591033}" = Nero 8 Essentials
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B592D5B2-D758-46F2-9250-EB18AB5F37F3}" = Payroll for Windows
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Internet Security 2011
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B7DCFAFF-D984-4A8A-96DC-A55869C37103}" = System Recovery
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C3D42D3F-9692-4E63-96F4-B3EA040A0E8F}" = Swivellers Cribbage
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C85E82CA-6BA3-4A6E-995A-5A9D09581328}" = SolidWorks eDrawings 2010
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D8386EF2-4D2B-49D5-8DD6-FBF04F59251C}" = Sage 50 Payroll
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F7DC8BCA-F188-4166-ACD3-521FF003FEDC}" = hppTLBXFXCP1510
"{FA586006-3667-4F43-97E7-98E2A39A41A6}" = Payroll for Windows
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BitDefender" = BitDefender Internet Security 2011
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"Google Desktop" = Google Desktop
"HP Toner Cartridge Authentication" = HP Toner Cartridge Authentication
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{46B35AC9-BE50-4BC4-A308-4EDEBF3D046F}" = Sage 50 Accounts 2008
"InstallShield_{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = Sage Accounts V11.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa2" = Picasa 2
"Rapport_msi" = Rapport
"ShopFactory V8 Total Care_is1" = ShopFactory V8 Total Care
"ShopFactory V8_is1" = ShopFactory V8 theme MTI-DD_1024 x -
"ShopFactory V9_is1" = ShopFactory V9
"Switch" = Switch Sound File Converter
"UN060501" = BUFFALO NAS Navigator
"UN070209" = Uninstall of File Security Tool
"WePrint" = WePrint
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/01/2012 08:36:39 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 19/01/2012 15:20:39 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 20/01/2012 02:50:28 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 20/01/2012 03:21:56 | Computer Name = harrisons-new | Source = Application Error | ID = 1000
Description = Faulting application SBDDesktop.exe, version 2.0.0.111, time stamp
0x4c60029f, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xe06d7363, fault offset 0x0003fc56, process id 0x14a4, application
start time 0x01ccd74367c0d067.

Error - 20/01/2012 03:53:39 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 20/01/2012 04:22:16 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 20/01/2012 18:40:01 | Computer Name = harrisons-new | Source = VSS | ID = 8193
Description =

Error - 20/01/2012 18:40:01 | Computer Name = harrisons-new | Source = VSS | ID = 12291
Description =

Error - 21/01/2012 03:52:51 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

Error - 21/01/2012 14:28:15 | Computer Name = harrisons-new | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20/01/2012 03:10:43 | Computer Name = harrisons-new | Source = DCOM | ID = 10016
Description =

Error - 20/01/2012 03:52:18 | Computer Name = harrisons-new | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Color LaserJet CP1510
Series PCL 6 with shared resource name HP Color LaserJet CP1510 Series PCL 6 SAH.
Error 2114. The printer cannot be used by others on the network.

Error - 20/01/2012 03:52:18 | Computer Name = harrisons-new | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother HL-1430 with shared
resource name Brother HL-1430 SAH. Error 2114. The printer cannot be used by others
on the network.

Error - 20/01/2012 03:53:14 | Computer Name = harrisons-new | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 20/01/2012 04:22:05 | Computer Name = harrisons-new | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21/01/2012 03:55:43 | Computer Name = harrisons-new | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21/01/2012 03:56:22 | Computer Name = harrisons-new | Source = DCOM | ID = 10016
Description =

Error - 21/01/2012 03:59:05 | Computer Name = harrisons-new | Source = DCOM | ID = 10016
Description =

Error - 21/01/2012 06:50:05 | Computer Name = harrisons-new | Source = DCOM | ID = 10016
Description =

Error - 21/01/2012 14:35:13 | Computer Name = harrisons-new | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >


SFC bombed out at 42% again - log below..

2012-01-22 00:18:33, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:33, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:36, Info CSI 00000009 [SR] Verify complete
2012-01-22 00:18:37, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:37, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:40, Info CSI 0000000d [SR] Verify complete
2012-01-22 00:18:41, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:41, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:46, Info CSI 00000011 [SR] Verify complete
2012-01-22 00:18:46, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:46, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:48, Info CSI 00000015 [SR] Verify complete
2012-01-22 00:18:49, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:49, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:50, Info CSI 00000019 [SR] Verify complete
2012-01-22 00:18:51, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:51, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:52, Info CSI 0000001d [SR] Verify complete
2012-01-22 00:18:53, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:53, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:54, Info CSI 00000021 [SR] Verify complete
2012-01-22 00:18:55, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:55, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:56, Info CSI 00000025 [SR] Verify complete
2012-01-22 00:18:57, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:57, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-01-22 00:18:58, Info CSI 00000029 [SR] Verify complete
2012-01-22 00:18:59, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:18:59, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:01, Info CSI 0000002d [SR] Verify complete
2012-01-22 00:19:01, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:01, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:03, Info CSI 00000031 [SR] Verify complete
2012-01-22 00:19:03, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:03, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:05, Info CSI 00000035 [SR] Verify complete
2012-01-22 00:19:06, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:06, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:07, Info CSI 00000039 [SR] Verify complete
2012-01-22 00:19:08, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:08, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:09, Info CSI 0000003d [SR] Verify complete
2012-01-22 00:19:10, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:10, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:11, Info CSI 00000041 [SR] Verify complete
2012-01-22 00:19:12, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:12, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:14, Info CSI 00000045 [SR] Verify complete
2012-01-22 00:19:14, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:14, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:16, Info CSI 00000049 [SR] Verify complete
2012-01-22 00:19:17, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:17, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:19, Info CSI 0000004d [SR] Verify complete
2012-01-22 00:19:20, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:20, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:22, Info CSI 00000051 [SR] Verify complete
2012-01-22 00:19:22, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:22, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:24, Info CSI 00000055 [SR] Verify complete
2012-01-22 00:19:25, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:25, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:26, Info CSI 00000059 [SR] Verify complete
2012-01-22 00:19:27, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:27, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:31, Info CSI 0000005d [SR] Verify complete
2012-01-22 00:19:32, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:32, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:35, Info CSI 00000061 [SR] Verify complete
2012-01-22 00:19:36, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:36, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:43, Info CSI 00000065 [SR] Verify complete
2012-01-22 00:19:44, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:44, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:48, Info CSI 0000006a [SR] Verify complete
2012-01-22 00:19:49, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:49, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:54, Info CSI 0000006f [SR] Verify complete
2012-01-22 00:19:55, Info CSI 00000070 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:19:55, Info CSI 00000071 [SR] Beginning Verify and Repair transaction
2012-01-22 00:19:59, Info CSI 00000073 [SR] Verify complete
2012-01-22 00:20:00, Info CSI 00000074 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:00, Info CSI 00000075 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:06, Info CSI 0000007f [SR] Verify complete
2012-01-22 00:20:07, Info CSI 00000080 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:07, Info CSI 00000081 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:12, Info CSI 00000083 [SR] Verify complete
2012-01-22 00:20:13, Info CSI 00000084 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:13, Info CSI 00000085 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:18, Info CSI 00000087 [SR] Verify complete
2012-01-22 00:20:19, Info CSI 00000088 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:19, Info CSI 00000089 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:23, Info CSI 0000008b [SR] Verify complete
2012-01-22 00:20:24, Info CSI 0000008c [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:24, Info CSI 0000008d [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:30, Info CSI 0000008f [SR] Verify complete
2012-01-22 00:20:31, Info CSI 00000090 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:31, Info CSI 00000091 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:40, Info CSI 00000095 [SR] Verify complete
2012-01-22 00:20:41, Info CSI 00000096 [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:41, Info CSI 00000097 [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:50, Info CSI 00000099 [SR] Verify complete
2012-01-22 00:20:51, Info CSI 0000009a [SR] Verifying 100 (0x00000064) components
2012-01-22 00:20:51, Info CSI 0000009b [SR] Beginning Verify and Repair transaction
2012-01-22 00:20:51, Info CSI 0000009c [SR] Cannot repair member file [l:20{10}]"ariali.ttf" of Microsoft-Windows-Font-TrueType-Arial, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:20:51, Info CSI 0000009d [SR] Cannot repair member file [l:22{11}]"arialbi.ttf" of Microsoft-Windows-Font-TrueType-Arial, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:20:51, Info CSI 0000009e [SR] Cannot repair member file [l:22{11}]"arialbd.ttf" of Microsoft-Windows-Font-TrueType-Arial, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:20:51, Info CSI 0000009f [SR] Cannot repair member file [l:18{9}]"arial.ttf" of Microsoft-Windows-Font-TrueType-Arial, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:20:57, Info CSI 000000a0 [SR] Cannot repair member file [l:22{11}]"verdana.ttf" of Microsoft-Windows-Font-TrueType-Verdana, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:20:59, Info CSI 000000a1 [SR] Cannot repair member file [l:44{22}]"invalidateFntcache.exe" of Microsoft-Windows-GC-InvalidateFntcache-02, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:21:02, Info CSI 000000a2 [SR] Cannot repair member file [l:44{22}]"invalidateFntcache.exe" of Microsoft-Windows-GC-InvalidateFntcache-02, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:21:02, Info CSI 000000a3 [SR] This component was referenced by [l:150{75}]"Package_1_for_KB2545698~31bf3856ad364e35~x86~~6.0.1.1.2545698-2_neutral_GDR"
2012-01-22 00:21:05, Info CSI 000000a4 [SR] Cannot repair member file [l:22{11}]"verdana.ttf" of Microsoft-Windows-Font-TrueType-Verdana, Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-01-22 00:21:05, Info CSI 000000a5 [SR] This component was referenced by [l:150{75}]"Package_2_for_KB2545698~31bf3856ad364e35~x86~~6.0.1.1.2545698-4_neutral_GDR"



THAT'S THE LOT FOR NOW!!

Thanks as ever!
Cheers,
Simon


#26
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Sounds like BitDefender is still off.

SFC is complaining about a bunch of files being missing. Let's see if they really are:

Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
ariali.ttf
arialbi.ttf
arialbd.ttf
arial.ttf
verdana.ttf
invalidateFntcache.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

Please copy and paste the log.


Ron
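
The file list between /md5start and /md5stop in the script above comes from the "[SR] Cannot repair member file" lines in the SFC log. As an added example (not part of the thread and not OTL's or SFC's own code), this Python script extracts those files from CBS.log-style text, records which update packages reference them, and flags a run that stopped mid-batch; the function names and the abridged sample lines are constructed for illustration.

```python
import re

# One "[SR]" record: timestamp, level, CSI sequence number, message.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+\w+\s+CSI\s+([0-9a-f]{8})\s+\[SR\]\s+(.*)$")
# Cannot repair member file [l:N{M}]"name" of <component>, Version = ..., in the store, <reason>
CANNOT = re.compile(r'^Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), '
                    r'Version = ([^,]+),.* in the store, (.+)$')
REFERENCED = re.compile(r'^This component was referenced by \[l:\d+\{\d+\}\]"([^"]+)"')

# Constructed sample in the log format quoted in the thread (abridged to two batches).
_TAIL = (", Version = 6.0.6002.18472, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, "
         "VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, "
         "TypeName neutral, PublicKey neutral in the store, file is missing")
_FNT = ('[SR] Cannot repair member file [l:44{22}]"invalidateFntcache.exe" of '
        "Microsoft-Windows-GC-InvalidateFntcache-02" + _TAIL)
SAMPLE_LOG = "\n".join([
    "2012-01-22 00:20:41, Info CSI 00000096 [SR] Verifying 100 (0x00000064) components",
    "2012-01-22 00:20:41, Info CSI 00000097 [SR] Beginning Verify and Repair transaction",
    "2012-01-22 00:20:50, Info CSI 00000099 [SR] Verify complete",
    "2012-01-22 00:20:51, Info CSI 0000009a [SR] Verifying 100 (0x00000064) components",
    "2012-01-22 00:20:51, Info CSI 0000009b [SR] Beginning Verify and Repair transaction",
    '2012-01-22 00:20:51, Info CSI 0000009c [SR] Cannot repair member file [l:20{10}]"ariali.ttf" of '
    "Microsoft-Windows-Font-TrueType-Arial" + _TAIL,
    "2012-01-22 00:20:59, Info CSI 000000a1 " + _FNT,
    "2012-01-22 00:21:02, Info CSI 000000a2 " + _FNT,
    "2012-01-22 00:21:02, Info CSI 000000a3 [SR] This component was referenced by [l:150{75}]"
    '"Package_1_for_KB2545698~31bf3856ad364e35~x86~~6.0.1.1.2545698-2_neutral_GDR"',
    '2012-01-22 00:21:05, Info CSI 000000a4 [SR] Cannot repair member file [l:22{11}]"verdana.ttf" of '
    "Microsoft-Windows-Font-TrueType-Verdana" + _TAIL,
])


def parse_sfc_log(text):
    """Summarise the [SR] records of a CBS.log extract."""
    findings = {}       # (component, file) -> details, kept in first-seen order
    started = completed = 0
    txn_open = False    # a batch began and has not yet logged "Verify complete"
    last_key = None     # finding that a following "referenced by" line belongs to
    for raw in text.splitlines():
        rec = LINE.match(raw.strip())
        if not rec:
            continue    # non-[SR] CBS lines or wrapped fragments
        ts, _seq, msg = rec.groups()
        if msg.startswith("Beginning Verify and Repair transaction"):
            started, txn_open = started + 1, True
        elif msg.startswith("Verify complete"):
            completed, txn_open = completed + 1, False
        elif CANNOT.match(msg):
            name, component, version, reason = CANNOT.match(msg).groups()
            last_key = (component.lower(), name.lower())
            entry = findings.setdefault(last_key, {
                "file": name, "component": component, "version": version,
                "reason": reason, "first_seen": ts, "hits": 0, "packages": []})
            entry["hits"] += 1      # SFC often reports the same file more than once
        elif REFERENCED.match(msg) and last_key:
            pkg = REFERENCED.match(msg).group(1)
            if pkg not in findings[last_key]["packages"]:
                findings[last_key]["packages"].append(pkg)
    # Heuristic: a batch left open at end of log means the scan did not finish.
    return {"findings": list(findings.values()), "batches_started": started,
            "batches_completed": completed, "interrupted": txn_open}


def missing_files(report):
    """File names to hash-check or search for, de-duplicated, in first-seen order."""
    seen, names = set(), []
    for f in report["findings"]:
        if f["file"].lower() not in seen:
            seen.add(f["file"].lower())
            names.append(f["file"])
    return names


def referenced_updates(report):
    """KB numbers of the update packages that reference the damaged components."""
    return sorted({kb for f in report["findings"] for p in f["packages"]
                   for kb in re.findall(r"KB\d+", p)})


if __name__ == "__main__":
    rep = parse_sfc_log(SAMPLE_LOG)
    print("batches:", rep["batches_completed"], "of", rep["batches_started"], "completed;",
          "scan interrupted" if rep["interrupted"] else "scan finished")
    for f in rep["findings"]:
        print(f'{f["file"]:24} {f["reason"]:16} x{f["hits"]}  {f["component"]}')
    print("files to check:", ", ".join(missing_files(rep)))
    print("updates involved:", ", ".join(referenced_updates(rep)) or "none logged")
```

On a live system the input is normally produced with `findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log`, which keeps only the SFC records.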

#27
bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Ron,

OTL log:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
ariali.ttf
arialbi.ttf
arialbd.ttf
arial.ttf
verdana.ttf
invalidateFntcache.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Cheers,

Simon

#28
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
That is not the log. It's the script you are supposed to copy and paste to the Custom Scans/Fixes box. Then Run Scan. Copy and save the log you get after the scan.

#29
bike vault

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Ha! Apologies..

Here you go:


OTL logfile created on: 22/01/2012 17:08:04 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\harrisons-PC-new\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 47.45% Memory free
6.72 Gb Paging File | 5.03 Gb Available in Paging File | 74.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197.10 Gb Total Space | 44.12 Gb Free Space | 22.39% Space Free | Partition Type: NTFS
Drive D: | 390.28 Gb Total Space | 382.89 Gb Free Space | 98.11% Space Free | Partition Type: NTFS

Computer Name: HARRISONS-NEW | User Name: harrisons-PC-new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 23:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 08:13:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/20 08:13:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/21 13:47:14 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/07/18 15:34:16 | 000,066,616 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP Toner Cartridge Authentication\hpcra112.exe
PRC - [2011/07/10 09:46:26 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/07/10 09:46:23 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011/07/10 09:46:18 | 000,101,640 | ---- | M] (BitDefender) -- C:\Program Files\BitDefender\BitDefender 2011\downloader.exe
PRC - [2011/07/10 09:45:58 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/07/10 09:45:31 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 07:58:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/12 07:57:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 07:40:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 07:39:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 07:39:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 07:39:11 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/12 07:38:28 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 07:36:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/08 12:44:52 | 000,177,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpdsm112\1.1.209.3492__92708d3652311a55\hpdsm112.dll
MOD - [2011/08/08 12:44:51 | 000,248,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Logging\4.1.0.0__31bf3856ad364e35\Microsoft.Practices.EnterpriseLibrary.Logging.dll
MOD - [2011/08/08 12:44:51 | 000,088,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling\4.1.0.0__31bf3856ad364e35\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
MOD - [2011/08/08 12:44:51 | 000,076,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder2\2.2.0.0__31bf3856ad364e35\Microsoft.Practices.ObjectBuilder2.dll
MOD - [2011/08/08 12:44:51 | 000,039,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging\4.1.0.0__31bf3856ad364e35\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2011/08/08 12:44:51 | 000,012,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpial112\1.1.209.3492__08d8d51b4e6db1b8\hpial112.dll
MOD - [2011/08/08 12:44:50 | 000,187,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Common\4.1.0.0__31bf3856ad364e35\Microsoft.Practices.EnterpriseLibrary.Common.dll
MOD - [2011/08/08 12:44:50 | 000,150,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpiac112\1.1.209.3492__d68a3677294c43a1\hpiac112.dll
MOD - [2011/07/10 09:46:17 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011/07/10 09:46:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011/07/10 09:45:40 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/20 08:13:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 08:13:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/07/10 09:46:26 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011/07/10 09:45:58 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/30 06:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/05/02 15:45:34 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [On_Demand | Stopped] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 08:13:41 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/15 17:07:16 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/19 08:12:12 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/10 09:46:40 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011/07/10 09:46:12 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/24 14:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/11/29 13:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 13:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/08/20 17:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010/08/20 14:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010/05/13 15:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/01/08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/27 11:55:54 | 000,173,576 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/03 12:58:46 | 000,076,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/01/21 02:23:26 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/21 02:23:23 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/21 02:23:23 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/21 02:23:23 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2008/01/21 02:23:22 | 000,064,512 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/21 02:23:22 | 000,061,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/21 02:23:22 | 000,059,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/21 02:23:21 | 000,094,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/21 02:23:20 | 000,105,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/21 02:23:20 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/21 02:23:02 | 000,030,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/21 02:23:01 | 000,248,832 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/21 02:23:01 | 000,109,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/21 02:23:01 | 000,060,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/21 02:23:01 | 000,056,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/21 02:23:01 | 000,056,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/21 02:23:01 | 000,049,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/21 02:23:01 | 000,045,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/21 02:23:00 | 000,044,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/21 02:23:00 | 000,041,472 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/21 02:23:00 | 000,041,472 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/21 02:23:00 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/21 02:23:00 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/21 02:23:00 | 000,028,728 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/21 02:23:00 | 000,020,792 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/21 02:23:00 | 000,017,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/21 02:23:00 | 000,017,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/21 02:23:00 | 000,006,656 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2007/10/12 14:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 09:51:12 | 000,167,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 09:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 08:55:23 | 000,039,936 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 08:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 08:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 08:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 08:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 08:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 08:51:30 | 000,083,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 08:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 08:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 08:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 BD A6 21 05 EA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIC279~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIC279~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/10/12 13:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/10/12 13:03:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20111123062837 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://iris.webex.c...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5857DF30-BD72-4E2F-AA8F-CD8289F319FA}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/01 15:49:16 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f84a3071-5bf9-11df-ae4a-002421b3ce9b}\Shell\AutoRun\command - "" = K:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{f84a3071-5bf9-11df-ae4a-002421b3ce9b}\Shell\demo\command - "" = K:\P-touch2430PC\P-touch2430PC.exe
O33 - MountPoints2\{faa6240e-6ca5-11df-916e-002421b3ce9b}\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^harrisons-PC-new^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\harrisons-PC-new\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Users^harrisons-PC-new^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WePrint Server.lnk - C:\Program Files\WePrint\WePrint Server.exe - (EuroSmartz Ltd)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FSCRecovery - hkey= - key= - c:\Program Files\Fujitsu\System Recovery\FSCRecoveryReminder.exe (Fujitsu Technology Solutions GmbH)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPPQVideo - hkey= - key= - File not found
MsConfig - StartUpReg: HPUsageTracking - hkey= - key= - C:\Program Files\HP\HP UT\bin\hppusg.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Reader Library Launcher - hkey= - key= - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: ToolBoxFX - hkey= - key= - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - C:\Windows\system32\drivers\sermouse.sys ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - C:\Windows\system32\drivers\sermouse.sys ()
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 23:01:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
[2012/01/21 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\AppData\Roaming\Malwarebytes
[2012/01/21 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 21:42:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/21 21:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 21:39:42 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\harrisons-PC-new\Desktop\aswMBR.exe
[2012/01/21 21:36:42 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe
[2012/01/21 20:56:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/21 18:32:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 16:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 16:47:25 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/21 16:46:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\harrisons-PC-new\Desktop\ComboFix.exe
[2012/01/21 16:42:43 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\Desktop\malware
[2012/01/11 15:13:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 15:13:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 15:13:01 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 15:12:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 15:12:56 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/02 17:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/01/02 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\AppData\Local\Windows Live
[2012/01/02 17:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/12/24 10:52:39 | 000,000,000 | ---D | C] -- C:\Users\harrisons-PC-new\Documents\OneNote Notebooks
[2011/12/24 09:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/24 09:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/24 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office2010
[2011/12/24 09:16:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2009/12/10 11:31:34 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2006/12/12 09:59:08 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\Interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2012/01/22 16:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/22 16:20:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 16:20:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 08:20:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 08:20:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 08:20:26 | 3488,739,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 23:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\harrisons-PC-new\Desktop\OTL.exe
[2012/01/21 21:42:57 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 21:39:49 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\harrisons-PC-new\Desktop\aswMBR.exe
[2012/01/21 21:36:42 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe
[2012/01/21 20:56:37 | 000,000,000 | ---- | M] () -- C:\Start_.cmd
[2012/01/21 20:55:18 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\harrisons-PC-new\Desktop\ComboFix.exe
[2012/01/21 16:41:38 | 000,002,653 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012/01/21 10:01:48 | 000,002,621 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Swivellers Cribbage.lnk
[2012/01/21 07:55:51 | 000,001,123 | ---- | M] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/21 07:55:38 | 000,002,585 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012/01/20 15:03:08 | 000,002,611 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012/01/14 20:12:38 | 000,620,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/14 20:12:38 | 000,113,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 07:03:12 | 000,000,944 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/03 06:54:05 | 000,407,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/29 18:27:55 | 000,086,345 | ---- | M] () -- C:\Users\harrisons-PC-new\Desktop\Capture.JPG
[2011/12/26 10:57:24 | 004,560,994 | ---- | M] () -- C:\Users\harrisons-PC-new\Desktop\P1000858.JPG
[2011/12/24 23:22:46 | 000,002,621 | ---- | M] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk

========== Files Created - No Company Name ==========

[2012/01/21 21:42:57 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 20:56:37 | 000,000,000 | ---- | C] () -- C:\Start_.cmd
[2011/12/31 10:23:28 | 004,560,994 | ---- | C] () -- C:\Users\harrisons-PC-new\Desktop\P1000858.JPG
[2011/12/24 10:52:44 | 000,001,123 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/12/24 09:31:07 | 000,002,653 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/12/24 09:31:01 | 000,002,621 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2011/12/24 09:30:57 | 000,002,585 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2011/12/24 09:30:39 | 000,002,611 | ---- | C] () -- C:\Users\harrisons-PC-new\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/07/05 06:05:54 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011/03/23 07:21:09 | 000,000,054 | ---- | C] () -- C:\Windows\Payroll.ini
[2011/02/09 15:24:50 | 000,320,000 | ---- | C] () -- C:\Windows\System32\log4cplusU.dll
[2011/01/01 12:13:53 | 000,000,129 | ---- | C] () -- C:\Windows\winhelp.ini
[2011/01/01 12:13:51 | 000,013,007 | ---- | C] () -- C:\Windows\123R5.INI
[2011/01/01 12:13:51 | 000,000,760 | ---- | C] () -- C:\Windows\lotus.ini
[2011/01/01 12:13:51 | 000,000,478 | ---- | C] () -- C:\Windows\LODBF04.INI
[2010/12/21 13:45:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/12/21 13:45:03 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/12/13 08:18:39 | 000,038,446 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft Excel.ADR
[2010/12/11 09:46:33 | 000,591,878 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/27 11:39:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\SageSantander.dll
[2010/09/14 11:35:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SageBankOfAmerica.dll
[2010/08/09 12:56:15 | 000,001,356 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Local\d3d9caps.dat
[2010/07/09 15:14:20 | 000,152,632 | ---- | C] () -- C:\Windows\hppins09.dat.temp
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/07/07 10:48:00 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2010/07/07 10:47:54 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2010/07/07 10:47:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2010/07/07 10:47:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2010/07/07 10:47:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2010/07/07 10:47:42 | 000,258,048 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2010/07/07 10:47:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2010/07/07 10:47:32 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2010/07/07 10:47:26 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2010/07/07 10:47:18 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2010/07/07 10:46:30 | 000,241,664 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2010/07/07 07:05:41 | 000,000,025 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Roaming\bdfvconp.ini
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/07/06 22:23:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/07/06 18:36:29 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010/07/06 18:36:29 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010/05/05 07:24:03 | 000,064,512 | ---- | C] () -- C:\Users\harrisons-PC-new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 15:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/05/02 07:59:27 | 000,040,960 | ---- | C] () -- C:\Windows\System32\RepDes32.exe
[2010/05/02 07:59:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_RegTLB.dll
[2010/05/01 20:51:50 | 000,000,209 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2010/05/01 20:51:23 | 000,000,672 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/05/01 20:49:53 | 000,150,996 | ---- | C] () -- C:\Windows\hppins09.dat
[2010/05/01 20:49:53 | 000,004,144 | ---- | C] () -- C:\Windows\hppmdl09.dat
[2010/05/01 20:49:47 | 000,000,621 | ---- | C] () -- C:\Windows\System32\hppapr09.dat
[2010/05/01 11:13:58 | 000,000,585 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/01 11:13:57 | 000,000,502 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/05/01 07:55:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/01 07:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2010/01/13 09:25:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SgDate.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/23 09:53:16 | 000,076,688 | ---- | C] () -- C:\Windows\System32\drivers\jraid.sys
[2009/05/23 09:50:07 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/05/23 09:50:06 | 000,308,248 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/05/23 09:49:02 | 000,173,576 | ---- | C] () -- C:\Windows\System32\drivers\ahcix86s.sys
[2009/05/23 09:08:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/15 10:36:50 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI
[2009/05/15 10:36:50 | 000,005,434 | ---- | C] () -- C:\Windows\UN070209.INI
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/10/07 16:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 16:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 16:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/21 03:13:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\errdev.sys
[2008/01/21 03:11:16 | 000,045,568 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys
[2008/01/21 03:10:19 | 000,386,616 | ---- | C] () -- C:\Windows\System32\drivers\MegaSR.sys
[2008/01/21 02:23:23 | 000,096,312 | ---- | C] () -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/21 02:23:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\sermouse.sys
[2008/01/21 02:23:00 | 000,017,976 | ---- | C] () -- C:\Windows\System32\drivers\intelide.sys
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/09 15:10:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2007/07/09 15:08:56 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2007/07/09 15:08:50 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2007/07/09 15:08:46 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SgStat32.dll
[2007/07/09 15:08:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2007/07/09 15:08:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2007/07/09 15:08:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2007/07/09 15:08:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2007/07/09 15:08:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,407,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,620,432 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,113,138 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:38:56 | 000,013,568 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 09:38:00 | 000,011,904 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 09:37:31 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/11/02 09:37:24 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltUp.sys
[2006/11/02 09:36:51 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 09:22:06 | 000,071,808 | ---- | C] () -- C:\Windows\System32\drivers\BrSerId.sys
[2006/11/02 09:03:00 | 000,248,832 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:55:23 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\bthmodem.sys
[2006/11/02 08:55:22 | 000,029,184 | ---- | C] () -- C:\Windows\System32\drivers\hidbth.sys
[2006/11/02 08:55:09 | 000,068,608 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys
[2006/11/02 08:55:08 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\circlass.sys
[2006/11/02 08:55:01 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\hidir.sys
[2006/11/02 08:52:52 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys
[2006/11/02 08:52:40 | 000,094,776 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys
[2006/11/02 08:52:38 | 000,105,016 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys
[2006/11/02 08:51:45 | 000,076,392 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys
[2006/11/02 08:51:40 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 08:51:40 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\sffp_mmc.sys
[2006/11/02 08:51:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 08:51:38 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\sffdisk.sys
[2006/11/02 08:51:37 | 000,030,264 | ---- | C] () -- C:\Windows\System32\drivers\i2omp.sys
[2006/11/02 08:51:36 | 000,028,728 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys
[2006/11/02 08:51:36 | 000,020,024 | ---- | C] () -- C:\Windows\System32\drivers\viaide.sys
[2006/11/02 08:51:36 | 000,017,976 | ---- | C] () -- C:\Windows\System32\drivers\amdide.sys
[2006/11/02 08:51:35 | 000,019,000 | ---- | C] () -- C:\Windows\System32\drivers\cmdide.sys
[2006/11/02 08:51:35 | 000,017,464 | ---- | C] () -- C:\Windows\System32\drivers\aliide.sys
[2006/11/02 08:51:30 | 000,083,456 | ---- | C] () -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 08:51:30 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\parport.sys
[2006/11/02 08:51:25 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 08:51:23 | 000,008,704 | ---- | C] () -- C:\Windows\System32\drivers\parvdm.sys
[2006/11/02 08:42:03 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys
[2006/11/02 08:35:13 | 000,167,528 | ---- | C] () -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 08:35:11 | 000,049,720 | ---- | C] () -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 08:35:08 | 000,109,112 | ---- | C] () -- C:\Windows\System32\drivers\NV_AGP.SYS
[2006/11/02 08:35:08 | 000,060,984 | ---- | C] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2006/11/02 08:35:07 | 000,061,496 | ---- | C] () -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2006/11/02 08:35:07 | 000,059,448 | ---- | C] () -- C:\Windows\System32\drivers\UAGP35.SYS
[2006/11/02 08:35:07 | 000,056,888 | ---- | C] () -- C:\Windows\System32\drivers\VIAAGP.SYS
[2006/11/02 08:35:06 | 000,057,400 | ---- | C] () -- C:\Windows\System32\drivers\AMDAGP.SYS
[2006/11/02 08:35:06 | 000,056,376 | ---- | C] () -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 08:35:06 | 000,055,864 | ---- | C] () -- C:\Windows\System32\drivers\SISAGP.SYS
[2006/11/02 08:35:03 | 000,020,792 | ---- | C] () -- C:\Windows\System32\drivers\compbatt.sys
[2006/11/02 08:30:19 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\viac7.sys
[2006/11/02 08:30:18 | 000,044,032 | ---- | C] () -- C:\Windows\System32\drivers\amdk8.sys
[2006/11/02 08:30:18 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\amdk7.sys
[2006/11/02 08:30:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\drivers\processr.sys
[2006/11/02 08:30:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\drivers\crusoe.sys
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:36:50 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\ntrigdigi.sys
[2006/11/02 07:36:49 | 000,071,272 | ---- | C] () -- C:\Windows\System32\drivers\djsvs.sys
[2006/11/02 07:36:48 | 000,238,648 | ---- | C] () -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 07:36:48 | 000,130,616 | ---- | C] () -- C:\Windows\System32\drivers\vsmraid.sys
[2006/11/02 07:36:48 | 000,106,088 | ---- | C] () -- C:\Windows\System32\drivers\ql40xx.sys
[2006/11/02 07:36:48 | 000,074,808 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys
[2006/11/02 07:36:48 | 000,041,016 | ---- | C] () -- C:\Windows\System32\drivers\sisraid2.sys
[2006/11/02 07:36:47 | 001,122,360 | ---- | C] () -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 07:36:47 | 000,096,312 | ---- | C] () -- C:\Windows\System32\drivers\lsi_fc.sys
[2006/11/02 07:36:47 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 07:36:47 | 000,034,920 | ---- | C] () -- C:\Windows\System32\drivers\sym_u3.sys
[2006/11/02 07:36:47 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 07:36:46 | 000,115,816 | ---- | C] () -- C:\Windows\System32\drivers\ulsata2.sys
[2006/11/02 07:36:46 | 000,102,968 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 07:36:46 | 000,098,408 | ---- | C] () -- C:\Windows\System32\drivers\ulsata.sys
[2006/11/02 07:36:46 | 000,089,656 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas.sys
[2006/11/02 07:36:46 | 000,045,112 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 07:36:45 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 07:36:45 | 000,033,384 | ---- | C] () -- C:\Windows\System32\drivers\Mraid35x.sys
[2006/11/02 07:36:45 | 000,031,288 | ---- | C] () -- C:\Windows\System32\drivers\megasas.sys
[2006/11/02 07:36:44 | 000,342,584 | ---- | C] () -- C:\Windows\System32\drivers\elxstor.sys
[2006/11/02 07:36:44 | 000,235,064 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 07:36:44 | 000,079,928 | ---- | C] () -- C:\Windows\System32\drivers\arcsas.sys
[2006/11/02 07:36:44 | 000,079,416 | ---- | C] () -- C:\Windows\System32\drivers\arc.sys
[2006/11/02 07:36:44 | 000,045,160 | ---- | C] () -- C:\Windows\System32\drivers\nfrd960.sys
[2006/11/02 07:36:44 | 000,041,576 | ---- | C] () -- C:\Windows\System32\drivers\iirsp.sys
[2006/11/02 07:36:44 | 000,040,504 | ---- | C] () -- C:\Windows\System32\drivers\HpCISSs.sys
[2006/11/02 07:36:44 | 000,035,944 | ---- | C] () -- C:\Windows\System32\drivers\iteraid.sys
[2006/11/02 07:36:43 | 000,422,968 | ---- | C] () -- C:\Windows\System32\drivers\adp94xx.sys
[2006/11/02 07:36:43 | 000,300,600 | ---- | C] () -- C:\Windows\System32\drivers\adpahci.sys
[2006/11/02 07:36:43 | 000,149,560 | ---- | C] () -- C:\Windows\System32\drivers\adpu320.sys
[2006/11/02 07:36:43 | 000,101,432 | ---- | C] () -- C:\Windows\System32\drivers\adpu160m.sys
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 15:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLch32.dll
[2006/11/01 15:41:16 | 001,724,416 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2006/11/01 14:50:40 | 000,126,976 | R--- | C] () -- C:\Windows\System32\PDFInstall.exe
[2004/08/24 10:29:56 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2004/07/08 07:19:56 | 000,001,187 | ---- | C] () -- C:\Windows\Sageintl.ini
[2004/06/09 09:57:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Install.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[1999/10/25 09:53:58 | 000,000,008 | ---- | C] () -- C:\Windows\Sage.ini
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMailRL.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\TMail3FL.SYS
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\rlfnlf.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\Windows\System32\flfnlf.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/12/23 18:38:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Adobe
[2011/06/04 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Amazon
[2011/10/13 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Apple Computer
[2011/07/10 09:12:18 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\BitDefender
[2011/06/04 08:19:38 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\calibre
[2012/01/11 15:19:57 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Canon
[2010/05/02 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\DassaultSystemes
[2011/11/28 07:00:13 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Dropbox
[2010/05/30 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\EDrawings
[2010/05/01 12:49:58 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Google
[2010/07/09 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\HP
[2011/08/15 10:03:34 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\HpUpdate
[2010/05/01 06:54:31 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Identities
[2010/05/01 12:50:17 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Macromedia
[2012/01/21 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Malwarebytes
[2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Media Center Programs
[2012/01/21 11:37:28 | 000,000,000 | --SD | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Microsoft
[2010/05/01 07:39:21 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\NASNaviator2
[2011/12/12 19:51:39 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\NCH Software
[2011/11/26 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Nero
[2011/01/01 11:36:34 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\PGP
[2010/12/11 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\QuickScan
[2010/12/29 12:00:31 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Samsung
[2010/10/18 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Serif
[2010/05/12 06:39:45 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\Trusteer
[2010/12/02 09:58:19 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\webex
[2010/11/02 07:19:14 | 000,000,000 | ---D | M] -- C:\Users\harrisons-PC-new\AppData\Roaming\WinRAR


< MD5 for: ARIAL.TTF >
[2010/05/02 12:26:02 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\Fonts\arial.ttf
[2006/10/10 02:08:43 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6000.16386_none_704cae33b0700318\arial.ttf
[2006/10/10 02:08:43 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.18426_none_7273d9abad65d874\arial.ttf
[2006/10/10 02:08:43 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.22635_none_72f1a826c68c77ff\arial.ttf
[2006/10/10 02:08:43 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18208_none_7471ede5aa7a258b\arial.ttf
[2006/10/10 02:08:43 | 000,766,656 | ---- | M] () MD5=E39AD943B94D3E64ADE263AF3A2298BF -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.22340_none_74c848b0c3bf6a61\arial.ttf

< MD5 for: ARIALBD.TTF >
[2010/05/02 12:26:04 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\Fonts\arialbd.ttf
[2006/10/10 02:08:43 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6000.16386_none_704cae33b0700318\arialbd.ttf
[2006/10/10 02:08:43 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.18426_none_7273d9abad65d874\arialbd.ttf
[2006/10/10 02:08:43 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.22635_none_72f1a826c68c77ff\arialbd.ttf
[2006/10/10 02:08:43 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18208_none_7471ede5aa7a258b\arialbd.ttf
[2006/10/10 02:08:43 | 000,744,556 | ---- | M] () MD5=C9DF0565A79017811F9617E4295357C5 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.22340_none_74c848b0c3bf6a61\arialbd.ttf

< MD5 for: ARIALBI.TTF >
[2010/05/02 12:26:02 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\Fonts\arialbi.ttf
[2006/10/03 02:10:27 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6000.16386_none_704cae33b0700318\arialbi.ttf
[2006/10/03 02:10:27 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.18426_none_7273d9abad65d874\arialbi.ttf
[2006/10/03 02:10:27 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.22635_none_72f1a826c68c77ff\arialbi.ttf
[2006/10/03 02:10:27 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18208_none_7471ede5aa7a258b\arialbi.ttf
[2006/10/03 02:10:27 | 000,551,824 | ---- | M] () MD5=C1D55F882F8CED5084E2FEF8B2908253 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.22340_none_74c848b0c3bf6a61\arialbi.ttf

< MD5 for: ARIALI.TTF >
[2010/05/02 12:26:03 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\Fonts\ariali.ttf
[2006/10/03 02:10:27 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6000.16386_none_704cae33b0700318\ariali.ttf
[2006/10/03 02:10:27 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.18426_none_7273d9abad65d874\ariali.ttf
[2006/10/03 02:10:27 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6001.22635_none_72f1a826c68c77ff\ariali.ttf
[2006/10/03 02:10:27 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18208_none_7471ede5aa7a258b\ariali.ttf
[2006/10/03 02:10:27 | 000,546,536 | ---- | M] () MD5=781F7A4998E7C7752540E1E45F07352A -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.22340_none_74c848b0c3bf6a61\ariali.ttf

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VERDANA.TTF >
[2010/05/02 12:26:03 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\Fonts\verdana.ttf
[2006/10/03 02:11:01 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.0.6000.16386_none_bc4261240242d36c\verdana.ttf
[2006/10/03 02:11:01 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.0.6001.18426_none_be698c9bff38a8c8\verdana.ttf
[2006/10/03 02:11:01 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.0.6001.22635_none_bee75b17185f4853\verdana.ttf
[2006/10/03 02:11:01 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.0.6002.18208_none_c067a0d5fc4cf5df\verdana.ttf
[2006/10/03 02:11:01 | 000,185,704 | ---- | M] () MD5=7264CC65D6566409F5029E6766533872 -- C:\Windows\winsxs\x86_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.0.6002.22340_none_c0bdfba115923ab5\verdana.ttf

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 08:07:22 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/06 08:07:22 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/06 08:07:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 08:07:22 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/06 08:07:22 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\tdsskiller.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\rip-bluray.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\OTL.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\harrisons-PC-new\Desktop\MobileMeSetup.exe:BDU

< End of report >

#30
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Download, Save and right click on the attached fonts.zip and Extract All. Select all of the .ttf files and then right click and Cut. Then move to c:\Windows\Fonts and Ctrl + v or Right click and Paste. There are existing files there so you will have to tell it to overwrite them. If you get them to copy then run SFC again as before.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt

Attach the file \windows\logs\cbs\junk.txt to your next reply.

If you can't get them to paste in c:\windows\fonts then try pasting them in C:\

And I will write you an OTL script to move them.