[VIRUS] Win32/Fareit.A and possibly another one

#1
Sam Vervaeck

Hi everybody,

My computer has been infected by a virus, and although I still can use my computer, I'm worried that it might be a keylogger. Any help would be appreciated.
I'm currently doing my first year of computer sciences at university, and having an infected computer is quite inconvenient when you need it almost every day to program.

Symptoms:
Now and then some search results in Google get redirected to web advertisements. This seems to be happening randomly, although I noticed that the browser first gets redirected to tealtimes.com before going to the actual advert.
Even more worrying: Microsoft Security Essentials has been turned off, and I am unable to start it. That is, when I run MSE, the main window and the tray icon pop up for a tenth of a second and then close themselves.

Possible Source:
The entire mess started when I clicked the first link in this search query. It linked to a governmental website, so I wasn't very careful, because I trusted it to be safe and because I had visited the main page plenty of times before. I still don't think the site is to blame because now the link as well as the webpage load fine. However, when I opened the website yesterday, a RAR file opened containing a program with the name (translated into English): conservatory_mechelen_abscences.exe. Now I realize that this happens to be the exact same name as the search query. Anyway, having seen too much programming code, I assumed that it was some kind of database program for absences and - stupid as I was - I ran the program.

Things I Tried:
When I felt something was not right, I immediately killed the initial process in task manager (located in AppData/Temp/$RarXyz$). But it seemed that the damage was already done, because MSE wouldn't respond anymore.
I managed to start MSE in safe mode and I ran a full scan. I had to terminate the scan because it was too late in the evening, but still the scan returned a single virus. As far as I can tell the virus was successfully removed. However, when enabling MSE an error code appeared (which I can post here if you want).
When I exited safe mode MSE still wouldn't run, and then I noticed that some links in Google got redirected. I followed the step on this page because the symptoms matched mine, but to no avail.
And that is how I got here in the first place, so, again, any help within the next few days with this frustrating problem would be awesome.

OTL QuickScan Results:

OTL logfile created on: 14/02/2012 18:47:47 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

7,90 Gb Total Physical Memory | 5,35 Gb Available Physical Memory | 67,71% Memory free
15,79 Gb Paging File | 13,04 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 274,45 Gb Free Space | 61,52% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 190,04 Gb Free Space | 40,80% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 08:21:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/02/12 18:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/03 20:56:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/02 08:33:22 | 002,998,592 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/03 10:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 18:51:27 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/31 11:26:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011/12/31 11:26:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/11/14 07:49:04 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 15:54:16 | 000,930,304 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/14 08:48:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/10/14 08:48:49 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/10/13 08:09:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:09:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:09:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:09:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:09:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:09:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:08:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/13 00:33:28 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/10 23:10:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/20 18:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/10 22:46:54 | 002,044,688 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 08:26:45 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/03 20:56:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/12/07 18:22:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/10/31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/15 09:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011/10/15 09:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/24 00:03:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/19 14:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/10 22:46:04 | 000,107,280 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/07 12:33:42 | 000,014,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV:64bit: - [2011/04/07 12:33:40 | 000,015,568 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 04:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/04 02:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010/10/19 17:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/23 16:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/02 02:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/11 02:14:42 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Sam\AppData\Local\Spoon\3.32.1.5\npMozillaSpoonPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/12 18:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/07 01:43:45 | 000,000,000 | ---D | M]

[2011/10/16 17:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2011/10/16 17:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/02/14 08:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions
[2012/01/06 16:22:01 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/01/31 14:08:01 | 000,000,000 | ---D | M] (rein) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2011/11/18 12:42:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/01/03 17:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQHE8RPC.DEFAULT\EXTENSIONS\[email protected]
[2012/02/12 18:51:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/03 17:28:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/03 17:28:25 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/01/03 17:28:25 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/01/03 17:28:25 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/02/14 16:43:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C303EEE4-A7FA-4C58-8D90-BFF878F38DA9}: DhcpNameServer = 195.130.131.11 195.130.130.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 16:41:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/14 08:30:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/14 08:30:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/14 08:30:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/14 08:30:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/14 08:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/14 08:02:46 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\QuickScan
[2012/02/14 07:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/14 07:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/13 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\www
[2012/02/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2012/02/10 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/02/10 18:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/02/10 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2012/02/10 11:38:03 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2012/02/10 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/02/08 15:15:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Creative Boxes
[2012/02/08 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Sun
[2012/02/08 14:04:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\.netbeans-derby
[2012/02/08 10:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
[2012/02/08 10:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/02/08 10:30:34 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/02/08 10:30:33 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/02/08 10:30:33 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/02/08 10:30:32 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/02/08 10:30:32 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/02/08 10:30:23 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll
[2012/02/08 10:30:21 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/02/08 10:30:21 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/02/08 10:30:20 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/02/08 10:30:20 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/02/08 10:30:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/02/08 10:30:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/02/08 10:30:10 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/02/08 10:30:10 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012/02/08 10:30:10 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/02/08 10:30:09 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/02/08 10:30:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/02/08 10:30:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/02/08 10:29:52 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/02/08 10:29:51 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/02/08 10:29:50 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/02/08 10:29:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/02/08 10:29:48 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/02/08 10:29:46 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/02/08 10:29:44 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/02/08 10:29:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/02/08 10:29:42 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/02/08 10:29:41 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/02/08 10:29:38 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/02/08 10:29:35 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/02/08 10:29:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/02/08 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/02/08 10:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2012/02/07 20:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/07 19:21:08 | 000,015,568 | ---- | C] (MaxiVista) -- C:\Windows\SysNative\drivers\mvCmdemo.SYS
[2012/02/07 19:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiVista Demo Server
[2012/02/07 19:20:22 | 000,039,120 | ---- | C] (Maxivsta) -- C:\Windows\SysNative\mvvideodemo.dll
[2012/02/07 19:20:22 | 000,014,544 | ---- | C] (MaxiVista) -- C:\Windows\SysNative\drivers\mvvideodemo.sys
[2012/02/07 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\MaxiVista Demo Server
[2012/02/07 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/02/07 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/02/03 20:56:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2012/02/01 00:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012/02/01 00:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/01/30 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\VOS
[2012/01/30 16:53:02 | 000,000,000 | ---D | C] -- C:\.netbeans
[2012/01/28 14:54:35 | 000,000,000 | ---D | C] -- C:\MyGame

========== Files - Modified Within 30 Days ==========

[2012/02/14 17:32:22 | 003,181,004 | ---- | M] () -- C:\Users\Sam\Desktop\t.nfo
[2012/02/14 17:19:09 | 000,000,428 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/02/14 16:51:49 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 16:51:49 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 16:50:43 | 001,678,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/14 16:50:43 | 000,748,464 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/02/14 16:50:43 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/14 16:50:43 | 000,154,538 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/02/14 16:50:43 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/14 16:44:30 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\ojefuwb.job
[2012/02/14 16:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 16:44:17 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 16:43:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/14 08:10:37 | 000,007,642 | ---- | M] () -- C:\Users\Sam\AppData\Local\resmon.resmoncfg
[2012/02/14 08:06:25 | 000,000,036 | ---- | M] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012/02/14 07:57:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/14 07:56:58 | 001,700,724 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/13 18:39:02 | 000,102,400 | RHS- | M] () -- C:\Windows\SysWow64\Dism8.dll
[2012/02/12 18:50:54 | 000,001,130 | ---- | M] () -- C:\Users\Sam\Desktop\Team Server RC.lnk
[2012/02/11 10:26:59 | 004,904,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/11 00:58:36 | 000,001,582 | ---- | M] () -- C:\Users\Sam\Desktop\Team Server Final.lnk
[2012/02/10 18:45:05 | 000,001,351 | ---- | M] () -- D:\Documents\AutoHotkey.ahk
[2012/02/10 11:38:09 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/08 10:31:14 | 000,074,452 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2012/02/08 10:28:38 | 000,018,980 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/02/07 19:24:32 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\OutN64proc64.dll
[2012/02/07 19:24:32 | 000,000,001 | ---- | M] () -- C:\Windows\SysNative\InN64proc64.dll
[2012/02/04 20:55:14 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2012/02/03 20:56:06 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/03 20:56:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/01 11:28:47 | 000,001,014 | ---- | M] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[2012/02/01 11:28:47 | 000,000,994 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/29 13:16:40 | 000,000,478 | ---- | M] () -- C:\project.ini
[2012/01/27 13:38:30 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/02/14 17:32:20 | 003,181,004 | ---- | C] () -- C:\Users\Sam\Desktop\t.nfo
[2012/02/14 08:30:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/14 08:30:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/14 08:30:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/14 08:30:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/14 08:30:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/14 08:06:25 | 000,000,036 | ---- | C] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012/02/14 07:56:55 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/13 23:37:15 | 000,007,642 | ---- | C] () -- C:\Users\Sam\AppData\Local\resmon.resmoncfg
[2012/02/13 18:39:02 | 000,102,400 | RHS- | C] () -- C:\Windows\SysWow64\Dism8.dll
[2012/02/13 18:39:02 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\ojefuwb.job
[2012/02/12 18:50:54 | 000,001,130 | ---- | C] () -- C:\Users\Sam\Desktop\Team Server RC.lnk
[2012/02/11 10:25:53 | 004,904,008 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/11 00:58:36 | 000,001,582 | ---- | C] () -- C:\Users\Sam\Desktop\Team Server Final.lnk
[2012/02/10 18:45:05 | 000,001,351 | ---- | C] () -- D:\Documents\AutoHotkey.ahk
[2012/02/10 11:38:09 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/02/10 11:38:09 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/07 19:24:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\OutN64proc64.dll
[2012/02/07 19:24:32 | 000,000,001 | ---- | C] () -- C:\Windows\SysNative\InN64proc64.dll
[2012/02/03 20:56:06 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/03 20:56:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/29 13:16:40 | 000,000,478 | ---- | C] () -- C:\project.ini
[2012/01/08 21:51:41 | 000,000,131 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\CairoAppConfig.xml
[2012/01/08 21:50:38 | 000,000,210 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\CairoStacksConfig.xml
[2011/12/25 23:37:00 | 000,000,600 | ---- | C] () -- C:\Users\Sam\AppData\Local\PUTTY.RND
[2011/12/25 18:31:36 | 000,016,410 | ---- | C] () -- C:\Windows\UN900119.INI
[2011/12/24 13:29:52 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/12/24 13:29:51 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/24 13:29:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/04 17:19:00 | 000,117,332 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/06 21:35:13 | 000,000,132 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/17 20:08:29 | 000,062,299 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011/09/16 18:03:19 | 000,208,000 | ---- | C] () -- C:\Windows\hpoins31.dat
[2011/09/16 18:03:19 | 000,000,873 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2011/08/28 19:00:45 | 000,050,688 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 22:46:24 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/25 22:46:24 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2011/08/23 18:30:21 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2011/08/23 18:16:47 | 001,700,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/23 17:42:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/23 17:42:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/01 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2012/02/04 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.purple
[2011/10/23 00:01:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/07 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2012/02/14 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/09/05 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2011/09/01 12:48:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image-Line
[2011/10/23 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2012/02/12 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MediaMonkey
[2011/08/28 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\My Battle for Middle-earth™ II Files
[2011/08/25 21:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012/01/07 02:15:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia
[2012/01/07 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia Ovi Suite
[2012/01/07 02:15:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia Suite
[2012/02/07 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++
[2011/08/28 18:50:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PC Suite
[2011/10/16 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Prism
[2012/02/03 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2012/02/14 08:02:52 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\QuickScan
[2012/02/11 00:47:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Racket
[2011/08/28 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SPORE
[2011/08/23 17:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2011/08/29 11:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly
[2011/08/28 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2012/01/30 23:52:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\VOS
[2012/02/14 16:44:30 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\ojefuwb.job
[2011/12/20 09:59:00 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Sam Vervaeck, 18 February 2012 - 08:15 AM.



#2
Sam Vervaeck

Update

I managed to update MSE in safe mode and I ran a full scan. The report contained no viruses, but I was still unable to successfully activate MSE. Instead, an error code appears: 0x800705b4.


On top of that, I am unable to run any of the Microsoft Office 2010 programs. The program immediately opens an installer on start-up and after half a second, it throws an error saying that MSO was unable to check the license of the application, and that an attempt to repair this problem has failed because it was cancelled by the user. After clicking OK, it just closes, leaving me unable to check my mail or write a document. I'm starting to think that there is something wrong with my Microsoft license key, but I am fairly sure that there isn't because I've experienced no problems with it in the past.


Edit: While I was looking into the OTL QuickScan results, I noticed that some LogMeIn files are still running on my computer (like Hamachi, if I'm correct). I don't know if this has got anything to do with it, but those files shouldn't be there, because I removed the program about a week ago ...

Edited by Sam Vervaeck, 19 February 2012 - 03:39 AM.


#3
RKinner

Malware Expert
You answered your own post and we just look for unanswered posts so you got ignored.

See if you can delete these two files:

C:\Windows\SysWow64\Dism8.dll
C:\Windows\tasks\ojefuwb.job

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (accept the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
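The rule in the post above for the TDSSKiller log (leave a detection on Skip unless its name says TDSS) can be applied mechanically to TDSSKiller.txt. The following Python sketch is an added example, not part of the thread or of TDSSKiller; the `- detected <name> (n)` verdict format and the `exampledrv` and `truncdrv` entries are assumptions constructed for illustration.

```python
import re

# Line layout of a TDSSKiller log: HH:MM:SS.mmmm <thread id> <message>
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)$")
# Scanned object: <name> (<32-hex md5>) <path>
OBJECT_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Clean verdict: <name> - ok
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# Assumed detection verdict: <name> - detected <threat name> (<n>)
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>\S+)")

# Constructed sample: the 1394ohci and catchme lines follow the format of a
# real log; exampledrv, truncdrv, their hashes and both detections are made up.
SAMPLE_LOG = r"""
16:06:14.0682 5540    1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:06:14.0682 5540    1394ohci - ok
16:06:16.0897 5540    catchme - ok
16:06:17.0100 5540    exampledrv      (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\exampledrv.sys
16:06:17.0100 5540    exampledrv - detected LockedFile.Multi.Generic (1)
16:06:17.0200 5540    \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
16:06:17.0300 5540    truncdrv        (cafebabecafebabecafebabecafebabe) C:\Windows\system32\drivers\truncdrv.sys
"""


def triage(log_text):
    """Pair each scanned object with its verdict and list everything not 'ok'.

    Returns a dict with:
      ok         - number of objects reported clean
      findings   - one dict per detection, with a says_tdss flag
      unresolved - objects that have no verdict line (e.g. a truncated paste)
    """
    objects = {}      # name -> (md5, path) from the object line
    resolved = set()  # names that received any verdict
    ok = 0
    findings = []

    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # separators, blank lines, lines without a message
        msg = line.group("msg")

        obj = OBJECT_RE.match(msg)
        if obj:
            objects[obj.group("name")] = (obj.group("md5").lower(),
                                          obj.group("path"))
            continue

        clean = OK_RE.match(msg)
        if clean:
            ok += 1
            resolved.add(clean.group("name"))
            continue

        det = DETECTED_RE.match(msg)
        if det:
            name, threat = det.group("name"), det.group("threat")
            md5, path = objects.get(name, (None, None))  # disks have no md5
            says_tdss = "TDSS" in threat.upper()
            findings.append({
                "name": name,
                "threat": threat,
                "md5": md5,
                "path": path,
                "says_tdss": says_tdss,
                # Only a TDSS verdict is a candidate for anything but Skip.
                "action": "ask helper before changing Skip" if says_tdss
                          else "leave on Skip (possible false positive)",
            })
            resolved.add(name)

    unresolved = sorted(n for n in objects if n not in resolved)
    return {"ok": ok, "findings": findings, "unresolved": unresolved}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("clean objects:", report["ok"])
    for f in report["findings"]:
        print(f'{f["name"]}: {f["threat"]} -> {f["action"]}')
    print("no verdict (log cut off?):", report["unresolved"])
```
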

#4
Sam Vervaeck

Hi Ron,

Thanks for the reply anyway. I followed the instructions you gave me. These are the results:

  • C:\Windows\SysWow64\Dism8.dll: file not found (though there is one called C:\Windows\SysWow64\Dism.dll)
  • C:\Windows\tasks\ojefuwb.job: removed manually
ComboFix logfile:

ComboFix 12-02-22.01 - Sam 22/02/2012  15:57:13.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1043.18.8086.5887 [GMT 1:00]
Gestart vanuit: d:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-01-22 to 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-22 15:00 . 2012-02-22 15:00    --------	d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2012-02-22 15:00 . 2012-02-22 15:00    --------	d-----w-	c:\users\UpdatusUser.XPS\AppData\Local\temp
2012-02-22 15:00 . 2012-02-22 15:00    --------	d-----w-    c:\users\Helen\AppData\Local\temp
2012-02-22 15:00 . 2012-02-22 15:00    --------	d-----w-    c:\users\Gast\AppData\Local\temp
2012-02-22 15:00 . 2012-02-22 15:00    --------	d-----w-    c:\users\Default\AppData\Local\temp
2012-02-19 16:54 . 2012-02-19 16:54    --------	d-----w-    c:\users\Sam\AppData\Local\ElevatedDiagnostics
2012-02-18 08:47 . 2012-02-09 12:17	927800    ----a-w- 	c:\programdata\Microsoft\Microsoft Antimalware\Definition  Updates\NISBackup\gapaengine.dll
2012-02-18 08:47 . 2012-02-09 12:17	927800    ----a-w- 	c:\programdata\Microsoft\Microsoft Antimalware\Definition  Updates\{27514BCC-95BC-41BF-A327-B2C20E43AF40}\gapaengine.dll
2012-02-18 08:46 . 2012-01-17 03:39	8602168    ------w- 	c:\programdata\Microsoft\Microsoft Antimalware\Definition  Updates\{AD8AC620-71FF-40E1-AFE1-33A3BF6BD17E}\mpengine.dll
2012-02-15 05:47 . 2012-01-04 10:44	509952    ----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 05:47 . 2012-01-04 08:58	442880    ----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-15 05:46 . 2011-12-30 06:26	515584    ----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 05:46 . 2011-12-30 05:27	478720    ----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-15 05:46 . 2012-01-14 04:06	3145728    ----a-w-	c:\windows\system32\win32k.sys
2012-02-15 05:46 . 2011-12-28 03:59	498688    ----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-15 05:46 . 2011-12-16 08:46	634880    ----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 05:46 . 2011-12-16 07:52	690688    ----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-14 07:02 . 2012-02-14 07:02    --------	d-----w-    c:\users\Sam\AppData\Roaming\QuickScan
2012-02-14 06:56 . 2012-02-14 06:57    --------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-02-14 06:56 . 2012-02-14 06:57    --------	d-----w-	c:\program files\Microsoft Security Client
2012-02-13 17:39 . 2012-02-13 17:39	102400    --sha-r-	c:\windows\SysWow64\Dism8.dll
2012-02-13 10:23 . 2012-02-13 10:23    --------	d-----w-	c:\users\Sam\www
2012-02-12 20:21 . 2012-02-12 20:21    --------	d-----w-    c:\users\Sam\AppData\Roaming\TeamViewer
2012-02-10 17:19 . 2012-02-10 17:19    --------	d-----w-	c:\program files (x86)\AutoHotkey
2012-02-10 10:38 . 2011-12-16 15:53	35112    ----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
2012-02-10 10:37 . 2012-02-10 10:37    --------	d-----w-	c:\program files (x86)\TeamViewer
2012-02-08 14:15 . 2012-02-08 14:15    --------	d-----w-    c:\users\Sam\AppData\Roaming\Creative Boxes
2012-02-08 13:04 . 2012-02-08 13:04    --------	d-----w-    c:\users\Sam\.netbeans-derby
2012-02-08 09:31 . 2012-02-08 09:31    --------	d-----w-	c:\windows\SysWow64\RTCOM
2012-02-08 09:29 . 2011-05-05 14:24	2085440    ----a-w-	c:\windows\system32\FMAPO64.dll
2012-02-08 09:27 . 2012-02-08 09:27    --------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2012-02-08 09:06 . 2012-02-08 09:06    --------	d-----w-	c:\program files (x86)\JMicron
2012-02-07 19:32 . 2012-02-07 19:33    --------	d-----w-	c:\program files\Oracle
2012-02-07 19:32 . 2011-11-08 18:40	750488    ----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-07 18:24 . 2012-02-07 18:24	3    ----a-w-	c:\windows\system32\OutN64proc64.dll
2012-02-07 18:24 . 2012-02-07 18:24	1    ----a-w-	c:\windows\system32\InN64proc64.dll
2012-02-07 18:21 . 2011-04-07 11:33	15568    ----a-w-	c:\windows\system32\drivers\mvCmdemo.SYS
2012-02-07 18:20 . 2011-04-07 11:33	39120    ----a-w-	c:\windows\system32\mvvideodemo.dll
2012-02-07 18:20 . 2011-04-07 11:33	14544    ----a-w-	c:\windows\system32\drivers\mvvideodemo.sys
2012-02-07 18:20 . 2012-02-07 18:20    --------	d-----w-	c:\program files\MaxiVista Demo Server
2012-02-07 16:56 . 2012-02-07 16:56    --------	d-----w-	c:\program files\Microsoft IntelliPoint
2012-02-05 21:33 . 2012-02-05 21:33    --------	d-----w-    c:\users\Helen\AppData\Roaming\HpUpdate
2012-02-03 19:56 . 2012-02-03 19:56	189248    ----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-02-03 19:56 . 2012-02-03 19:56	75136    ----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-02-03 19:56 . 2012-02-03 19:56    --------	d-----w-    c:\users\Sam\AppData\Roaming\PunkBuster
2012-01-31 23:37 . 2012-01-31 23:37    --------	d-----w-	c:\program files (x86)\Dell
2012-01-31 23:37 . 2012-01-31 23:37    --------	d-----w-	c:\programdata\Dell
2012-01-30 22:52 . 2012-01-30 22:52    --------	d-----w-    c:\users\Sam\AppData\Roaming\VOS
2012-01-30 15:53 . 2012-01-30 15:53    --------	d-----w-	C:\.netbeans
2012-01-30 15:52 . 2012-01-30 15:52    --------	d-----w-	c:\windows\system32\config\systemprofile\.netbeans
2012-01-28 16:55 . 2012-02-14 07:39    --------	d-----w-	c:\users\Web Framework
2012-01-28 16:55 . 2012-02-14 07:39    --------	d-----w-	c:\users\Web Desktop
2012-01-28 13:54 . 2012-01-28 13:54    --------	d-----w-	C:\MyGame
2012-01-24 16:47 . 2012-01-24 16:47    --------	d-----w-    c:\users\Helen\AppData\Roaming\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 03:59 . 2010-11-21 03:27	279656    ------w-	c:\windows\system32\MpSigStub.exe
2011-12-12 18:31 . 2011-08-23 16:14	472808    ----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-12-07 17:22 . 2011-09-11 18:41	87456    ----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2011-12-07 17:22 . 2011-09-11 18:41	34688    ----a-w-	c:\windows\system32\LMIport.dll
2011-12-07 17:22 . 2011-09-11 18:41	80768    ----a-w-	c:\windows\system32\LMIinit.dll
2011-12-07 09:45 . 2011-12-03 14:14	188128    ----a-w-    c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-12-07 09:08 . 2011-12-06 23:02	112832    ----a-w-    c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208    ----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208    ----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host  Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN  v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN  v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe  [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint  Workspace Audit Service;c:\program files (x86)\Microsoft  Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common  Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE  [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed  Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe  [2011-10-19 661504]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High  Speed Security Service;c:\program  files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files  (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe  [2011-01-12 13336]
S2 mvCmdemo;mvCmdemo;c:\windows\system32\Drivers\mvCmdemo.SYS [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files  (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification  Service;c:\program files (x86)\Intel\Intel® Management Engine  Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter  stuurprogramma onder Windows 7 64  Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792    ----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792    ----a-w-	c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792    ----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792    ----a-w-    c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xqhe8rpc.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-02-22  16:01:18
ComboFix-quarantined-files.txt  2012-02-22 15:01
ComboFix2.txt  2012-02-22 14:51
ComboFix3.txt  2012-02-14 07:39
.
Pre-Run: 311.093.542.912 bytes beschikbaar
Post-Run: 311.021.580.288 bytes beschikbaar
.
- - End Of File - - 49A2A15075EAAF2C67596B7C5990EFD5

TDSS Killer Logfile:

16:04:49.0163 5408	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:04:49.0319 5408    ============================================================
16:04:49.0319 5408	Current date / time: 2012/02/22 16:04:49.0319
16:04:49.0319 5408	SystemInfo:
16:04:49.0319 5408	
16:04:49.0319 5408	OS Version: 6.1.7601 ServicePack: 1.0
16:04:49.0319 5408	Product type: Workstation
16:04:49.0319 5408	ComputerName: XPS
16:04:49.0319 5408	UserName: Sam
16:04:49.0319 5408	Windows directory: C:\Windows
16:04:49.0319 5408	System windows directory: C:\Windows
16:04:49.0319 5408	Running under WOW64
16:04:49.0319 5408	Processor architecture: Intel x64
16:04:49.0319 5408	Number of processors: 8
16:04:49.0319 5408	Page size: 0x1000
16:04:49.0319 5408	Boot type: Normal boot
16:04:49.0319 5408    ============================================================
16:04:49.0818 5408	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000  (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack:  0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:49.0833 5408	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000  (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack:  0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:49.0849 5408	\Device\Harddisk0\DR0:
16:04:49.0849 5408	MBR used
16:04:49.0849 5408	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
16:04:49.0849 5408	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
16:04:49.0849 5408	\Device\Harddisk1\DR1:
16:04:49.0849 5408	MBR used
16:04:49.0849 5408	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
16:04:49.0896 5408	Initialize success
16:04:49.0896 5408    ============================================================
16:06:14.0307 5540    ============================================================
16:06:14.0307 5540	Scan started
16:06:14.0307 5540	Mode: Manual; 
16:06:14.0307 5540    ============================================================
16:06:14.0682 5540    1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:06:14.0682 5540	1394ohci - ok
16:06:14.0729 5540	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:06:14.0744 5540	ACPI - ok
16:06:14.0775 5540    AcpiPmi 		(99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:06:14.0775 5540	AcpiPmi - ok
16:06:14.0838 5540    adp94xx 		(2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:06:14.0853 5540	adp94xx - ok
16:06:14.0885 5540    adpahci 		(597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:06:14.0885 5540	adpahci - ok
16:06:14.0931 5540    adpu320 		(e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:06:14.0931 5540	adpu320 - ok
16:06:15.0025 5540    AFD 			(1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:06:15.0041 5540	AFD - ok
16:06:15.0072 5540    agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:06:15.0072 5540	agp440 - ok
16:06:15.0119 5540	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:06:15.0119 5540	aliide - ok
16:06:15.0150 5540    amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:06:15.0150 5540	amdide - ok
16:06:15.0181 5540    AmdK8   		(7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:06:15.0181 5540	AmdK8 - ok
16:06:15.0212 5540    AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:06:15.0212 5540	AmdPPM - ok
16:06:15.0275 5540    amdsata 		(d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:06:15.0275 5540	amdsata - ok
16:06:15.0306 5540    amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:06:15.0306 5540	amdsbs - ok
16:06:15.0337 5540    amdxata 		(540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:06:15.0353 5540	amdxata - ok
16:06:15.0415 5540	AMPPAL          (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
16:06:15.0415 5540	AMPPAL - ok
16:06:15.0462 5540    AMPPALP 		(12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
16:06:15.0462 5540	AMPPALP - ok
16:06:15.0540 5540    AppID   		(89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:06:15.0540 5540	AppID - ok
16:06:15.0587 5540    arc 			(c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:06:15.0587 5540	arc - ok
16:06:15.0633 5540    arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:06:28.0269 5540	viaide - ok
16:06:28.0301 5540    vmbus   		(86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:06:28.0301 5540	vmbus - ok
16:06:28.0332 5540    VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:06:28.0332 5540	VMBusHID - ok
16:06:28.0347 5540    volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:06:28.0347 5540	volmgr - ok
16:06:28.0394 5540    volmgrx 		(a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:06:28.0394 5540	volmgrx - ok
16:06:28.0425 5540    volsnap 		(0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:06:28.0425 5540	volsnap - ok
16:06:28.0457 5540    vsmraid 		(5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:06:28.0472 5540	vsmraid - ok
16:06:28.0488 5540	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:06:28.0488 5540	vwifibus - ok
16:06:28.0535 5540    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:06:28.0535 5540	vwififlt - ok
16:06:28.0550 5540    vwifimp 		(6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:06:28.0550 5540	vwifimp - ok
16:06:28.0597 5540    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:06:28.0613 5540	WacomPen - ok
16:06:28.0628 5540    WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:28.0644 5540	WANARP - ok
16:06:28.0644 5540    Wanarpv6    	(356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:28.0644 5540	Wanarpv6 - ok
16:06:28.0691 5540    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:06:28.0691 5540	Wd - ok
16:06:28.0753 5540    WDC_SAM 		(a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:06:28.0753 5540	WDC_SAM - ok
16:06:28.0784 5540    Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:06:28.0800 5540	Wdf01000 - ok
16:06:28.0831 5540    WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:06:28.0831 5540	WfpLwf - ok
16:06:28.0862 5540    WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:06:28.0862 5540	WIMMount - ok
16:06:28.0925 5540    WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:06:28.0940 5540	WinUsb - ok
16:06:28.0956 5540    WmiAcpi 		(f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:06:28.0956 5540	WmiAcpi - ok
16:06:28.0971 5540    ws2ifsl 		(6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:06:28.0971 5540	ws2ifsl - ok
16:06:29.0003 5540    WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:06:29.0003 5540	WudfPf - ok
16:06:29.0049 5540    WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:06:29.0049 5540	WUDFRd - ok
16:06:29.0112 5540	MBR (0x1B8) 	(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:06:29.0174 5540	\Device\Harddisk0\DR0 - ok
16:06:29.0190 5540	MBR (0x1B8) 	(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:06:29.0190 5540	\Device\Harddisk1\DR1 - ok
16:06:29.0205 5540	Boot (0x1200)   (6e8d00673704ba8c9c8ba0dacfbd16f7) \Device\Harddisk0\DR0\Partition0
16:06:29.0205 5540	\Device\Harddisk0\DR0\Partition0 - ok
16:06:29.0221 5540	Boot (0x1200)   (6753cb980bbb37c96f60a2fdc563cafd) \Device\Harddisk0\DR0\Partition1
16:06:29.0221 5540	\Device\Harddisk0\DR0\Partition1 - ok
16:06:29.0221 5540	Boot (0x1200)   (2dba4dea007553da875237beb5da6a2c) \Device\Harddisk1\DR1\Partition0
16:06:29.0221 5540	\Device\Harddisk1\DR1\Partition0 - ok
16:06:29.0221 5540    ============================================================
16:06:29.0221 5540	Scan finished
16:06:29.0221 5540    ============================================================
16:06:29.0237 5372	Detected object count: 0
16:06:29.0237 5372	Actual detected object count: 0
16:07:59.0218 0304    ============================================================
16:07:59.0218 0304	Scan started
16:07:59.0218 0304	Mode: Manual; 
16:07:59.0218 0304    ============================================================
16:08:06.0674 0304    Rasl2tp 		(471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:06.0674 0304	Rasl2tp - ok
16:08:06.0706 0304    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:06.0706 0304	RasPppoe - ok
16:08:06.0721 0304	RasSstp 		(e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:08:06.0721 0304	RasSstp - ok
16:08:06.0752 0304    rdbss   		(77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:08:06.0752 0304	rdbss - ok
16:08:06.0784 0304    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:08:06.0784 0304	rdpbus - ok
16:08:06.0815 0304    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:06.0815 0304	RDPCDD - ok
16:08:06.0846 0304    RDPDR   		(1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:08:06.0846 0304	RDPDR - ok
16:08:06.0877 0304    RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:08:06.0877 0304	RDPENCDD - ok
16:08:06.0893 0304    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:08:06.0893 0304	RDPREFMP - ok
16:08:06.0940 0304	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:08:06.0940 0304	RdpVideoMiniport - ok
16:08:06.0955 0304    RDPWD   		(15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:08:06.0971 0304	RDPWD - ok
16:08:06.0986 0304    rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:08:06.0986 0304	rdyboost - ok
16:08:07.0033 0304    RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:08:07.0033 0304	RFCOMM - ok
16:08:07.0064 0304    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:08:07.0064 0304	rspndr - ok
16:08:07.0127 0304    RTL8167 		(9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:08:07.0142 0304	RTL8167 - ok
16:08:07.0174 0304    s3cap   		(e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:08:07.0174 0304	s3cap - ok
16:08:07.0189 0304    sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:08:07.0205 0304	sbp2port - ok
16:08:07.0236 0304    scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:08:07.0236 0304	scfilter - ok
16:08:07.0283 0304    sdbus   		(111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
16:08:07.0283 0304	sdbus - ok
16:08:07.0314 0304    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:08:07.0314 0304	secdrv - ok
16:08:07.0330 0304    Serenum 		(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:08:07.0345 0304	Serenum - ok
16:08:07.0361 0304	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:08:07.0361 0304	Serial - ok
16:08:07.0408 0304    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:08:07.0408 0304	sermouse - ok
16:08:07.0439 0304    sffdisk 		(a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:08:07.0439 0304	sffdisk - ok
16:08:07.0454 0304    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:08:07.0454 0304	sffp_mmc - ok
16:08:07.0470 0304    sffp_sd 		(dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:08:07.0470 0304	sffp_sd - ok
16:08:07.0486 0304    sfloppy 		(a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:08:07.0486 0304	sfloppy - ok
16:08:07.0517 0304    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:08:07.0517 0304	SiSRaid2 - ok
16:08:07.0532 0304    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:08:07.0532 0304	SiSRaid4 - ok
16:08:07.0548 0304    Smb 			(548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:08:07.0548 0304	Smb - ok
16:08:07.0579 0304    spldr   		(b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:08:07.0579 0304	spldr - ok
16:08:07.0642 0304    srv 			(441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:08:07.0642 0304	srv - ok
16:08:07.0673 0304    srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:08:07.0673 0304	srv2 - ok
16:08:07.0704 0304    srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:08:07.0704 0304	srvnet - ok
16:08:07.0735 0304    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:08:07.0735 0304	stexstor - ok
16:08:07.0782 0304	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:08:07.0798 0304	StillCam - ok
16:08:07.0829 0304    storflt 		(7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:08:07.0829 0304	storflt - ok
16:08:07.0860 0304    storvsc 		(d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:08:07.0860 0304	storvsc - ok
16:08:07.0876 0304    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:08:07.0876 0304	swenum - ok
16:08:07.0907 0304	Synth3dVsc      (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
16:08:07.0907 0304	Synth3dVsc - ok
16:08:07.0969 0304    SynTP   		(5e3b232a614339399acc71fa3aaaaa6b) C:\Windows\system32\DRIVERS\SynTP.sys
16:08:07.0985 0304	SynTP - ok
16:08:08.0078 0304    Tcpip   		(fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:08:08.0078 0304	Tcpip - ok
16:08:08.0125 0304    TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:08:08.0125 0304	TCPIP6 - ok
16:08:08.0141 0304    tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:08:08.0141 0304	tcpipreg - ok
16:08:08.0172 0304    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:08:08.0172 0304	TDPIPE - ok
16:08:08.0188 0304    TDTCP   		(e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:08:08.0188 0304	TDTCP - ok
16:08:08.0219 0304    tdx 			(ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:08:08.0219 0304	tdx - ok
16:08:08.0266 0304	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
16:08:08.0281 0304	teamviewervpn - ok
16:08:08.0312 0304    TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:08:08.0312 0304	TermDD - ok
16:08:08.0344 0304    terminpt        (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
16:08:08.0344 0304	terminpt - ok
16:08:08.0375 0304    tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:08.0375 0304	tssecsrv - ok
16:08:08.0390 0304    TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:08:08.0390 0304	TsUsbFlt - ok
16:08:08.0406 0304    TsUsbGD 		(9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:08:08.0406 0304	TsUsbGD - ok
16:08:08.0437 0304    tsusbhub        (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
16:08:08.0437 0304	tsusbhub - ok
16:08:08.0453 0304	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:08:08.0453 0304	tunnel - ok
16:08:08.0500 0304    TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
16:08:08.0500 0304	TurboB - ok
16:08:08.0531 0304    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:08:08.0531 0304	uagp35 - ok
16:08:08.0562 0304    udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:08:08.0562 0304	udfs - ok
16:08:08.0593 0304    uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:08:08.0593 0304	uliagpkx - ok
16:08:08.0624 0304    umbus   		(dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:08:08.0624 0304	umbus - ok
16:08:08.0656 0304    UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:08:08.0656 0304	UmPass - ok
16:08:08.0718 0304    upperdev        (4e93c8496359e97830c75ac36393654d) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:08:08.0718 0304	upperdev - ok
16:08:08.0765 0304    usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:08:08.0765 0304	usbaudio - ok
16:08:08.0812 0304    usbccgp 		(6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:08.0812 0304	usbccgp - ok
16:08:08.0843 0304    usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:08:08.0843 0304	usbcir - ok
16:08:08.0858 0304    usbehci 		(c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:08:08.0858 0304	usbehci - ok
16:08:08.0890 0304    usbhub      	(287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:08:08.0890 0304	usbhub - ok
16:08:08.0921 0304    usbohci 		(9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:08:08.0921 0304	usbohci - ok
16:08:08.0968 0304    usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:08:08.0968 0304	usbprint - ok
16:08:09.0030 0304    usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:08:09.0030 0304	usbser - ok
16:08:09.0061 0304	UsbserFilt      (8844cb19a37b65e27049d4a7786726a9) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:08:09.0077 0304	UsbserFilt - ok
16:08:09.0092 0304    USBSTOR 		(fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:09.0092 0304	USBSTOR - ok
16:08:09.0124 0304    usbuhci 		(62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:08:09.0124 0304	usbuhci - ok
16:08:09.0155 0304	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:08:09.0170 0304	usbvideo - ok
16:08:09.0186 0304    vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:08:09.0186 0304	vdrvroot - ok
16:08:09.0233 0304    vga 			(da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:09.0233 0304	vga - ok
16:08:09.0248 0304    VgaSave 		(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:08:09.0264 0304	VgaSave - ok
16:08:09.0264 0304	VGPU - ok
16:08:09.0311 0304    vhdmp   		(2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:08:09.0311 0304	vhdmp - ok
16:08:09.0326 0304	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:08:09.0326 0304	viaide - ok
16:08:09.0358 0304    vmbus   		(86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:08:09.0373 0304	vmbus - ok
16:08:09.0389 0304    VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:08:09.0389 0304	VMBusHID - ok
16:08:09.0420 0304    volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:08:09.0420 0304	volmgr - ok
16:08:09.0451 0304    volmgrx 		(a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:08:09.0451 0304	volmgrx - ok
16:08:09.0498 0304    volsnap 		(0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:08:09.0498 0304	volsnap - ok
16:08:09.0529 0304    vsmraid 		(5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:08:09.0529 0304	vsmraid - ok
16:08:09.0560 0304	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:08:09.0560 0304	vwifibus - ok
16:08:09.0576 0304    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:08:09.0576 0304	vwififlt - ok
16:08:09.0592 0304    vwifimp 		(6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:08:09.0592 0304	vwifimp - ok
16:08:09.0623 0304    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:08:09.0623 0304	WacomPen - ok
16:08:09.0638 0304    WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:08:09.0638 0304	WANARP - ok
16:08:09.0654 0304    Wanarpv6    	(356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:08:09.0654 0304	Wanarpv6 - ok
16:08:09.0685 0304    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:08:09.0685 0304	Wd - ok
16:08:09.0732 0304    WDC_SAM 		(a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:08:09.0732 0304	WDC_SAM - ok
16:08:09.0779 0304    Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:08:09.0779 0304	Wdf01000 - ok
16:08:09.0826 0304    WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:08:09.0826 0304	WfpLwf - ok
16:08:09.0841 0304    WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:08:09.0841 0304	WIMMount - ok
16:08:09.0904 0304    WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:08:09.0904 0304	WinUsb - ok
16:08:09.0919 0304    WmiAcpi 		(f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:08:09.0935 0304	WmiAcpi - ok
16:08:09.0966 0304    ws2ifsl 		(6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:08:09.0966 0304	ws2ifsl - ok
16:08:09.0997 0304    WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:08:09.0997 0304	WudfPf - ok
16:08:10.0013 0304    WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:10.0028 0304	WUDFRd - ok
16:08:10.0060 0304	MBR (0x1B8) 	(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:08:10.0122 0304	\Device\Harddisk0\DR0 - ok
16:08:10.0122 0304	MBR (0x1B8) 	(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:08:10.0138 0304	\Device\Harddisk1\DR1 - ok
16:08:10.0153 0304	Boot (0x1200)   (6e8d00673704ba8c9c8ba0dacfbd16f7) \Device\Harddisk0\DR0\Partition0
16:08:10.0153 0304	\Device\Harddisk0\DR0\Partition0 - ok
16:08:10.0153 0304	Boot (0x1200)   (6753cb980bbb37c96f60a2fdc563cafd) \Device\Harddisk0\DR0\Partition1
16:08:10.0169 0304	\Device\Harddisk0\DR0\Partition1 - ok
16:08:10.0169 0304	Boot (0x1200)   (2dba4dea007553da875237beb5da6a2c) \Device\Harddisk1\DR1\Partition0
16:08:10.0169 0304	\Device\Harddisk1\DR1\Partition0 - ok
16:08:10.0169 0304    ============================================================
16:08:10.0169 0304	Scan finished
16:08:10.0169 0304    ============================================================
16:08:10.0184 3820	Detected object count: 0
16:08:10.0184 3820	Actual detected object count: 0
16:08:53.0818 5964    ============================================================
16:08:53.0818 5964	Scan started
16:08:53.0818 5964	Mode: Manual; SigCheck; TDLFS; 
16:08:53.0818 5964    ============================================================
16:09:00.0885 5964	megasas - ok
16:09:00.0916 5964    MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:09:00.0931 5964	MegaSR - ok
16:09:00.0963 5964    MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:09:00.0963 5964	MEIx64 - ok
16:09:00.0994 5964	Modem   		(800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:09:01.0041 5964	Modem - ok
16:09:01.0072 5964    monitor 		(b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:09:01.0119 5964	monitor - ok
16:09:01.0134 5964    mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:09:01.0150 5964	mouclass - ok
16:09:01.0165 5964    mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:09:01.0181 5964	mouhid - ok
16:09:01.0197 5964    mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:09:01.0212 5964	mountmgr - ok
16:09:01.0243 5964    MpFilter    	(c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:09:01.0259 5964	MpFilter - ok
16:09:01.0275 5964    mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:09:01.0290 5964	mpio - ok
16:09:01.0306 5964	MpNWMon 		(8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:09:01.0321 5964	MpNWMon - ok
16:09:01.0337 5964    mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:09:01.0368 5964	mpsdrv - ok
16:09:01.0384 5964    MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:09:01.0399 5964	MRxDAV - ok
16:09:01.0462 5964    mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:09:01.0509 5964	mrxsmb - ok
16:09:01.0524 5964    mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:09:01.0540 5964	mrxsmb10 - ok
16:09:01.0587 5964    mrxsmb20    	(9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:09:01.0618 5964	mrxsmb20 - ok
16:09:01.0633 5964    msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:09:01.0649 5964	msahci - ok
16:09:01.0665 5964    msdsm   		(db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:09:01.0680 5964	msdsm - ok
16:09:01.0711 5964    Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:09:01.0743 5964	Msfs - ok
16:09:01.0774 5964    mshidkmdf   	(f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:09:01.0805 5964	mshidkmdf - ok
16:09:01.0821 5964    msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:09:01.0821 5964	msisadrv - ok
16:09:01.0836 5964    MSKSSRV 		(49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:09:01.0867 5964	MSKSSRV - ok
16:09:01.0883 5964    MSPCLOCK    	(bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:09:01.0914 5964	MSPCLOCK - ok
16:09:01.0930 5964    MSPQM   		(4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:09:01.0945 5964	MSPQM - ok
16:09:01.0977 5964    MsRPC   		(759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:09:01.0977 5964	MsRPC - ok
16:09:02.0008 5964    mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:09:02.0008 5964	mssmbios - ok
16:09:02.0039 5964    MSTEE   		(2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:09:02.0055 5964	MSTEE - ok
16:09:02.0086 5964    MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:09:02.0101 5964	MTConfig - ok
16:09:02.0117 5964    Mup 			(f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:09:02.0117 5964	Mup - ok
16:09:02.0164 5964    mvCmdemo    	(d8cb9a12d29313e3d45520db2c81fbd3) C:\Windows\system32\Drivers\mvCmdemo.SYS
16:09:02.0179 5964	mvCmdemo - ok
16:09:02.0211 5964	mvvideodemo 	(ce0156be8134b4148a6d09d133ed09db) C:\Windows\system32\DRIVERS\mvvideodemo.sys
16:09:02.0226 5964	mvvideodemo - ok
16:09:02.0257 5964	NativeWifiP 	(1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:09:02.0304 5964	NativeWifiP - ok
16:09:02.0335 5964    NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:09:02.0367 5964	NDIS - ok
16:09:02.0382 5964    NdisCap 		(9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:09:02.0413 5964	NdisCap - ok
16:09:02.0445 5964    NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:09:02.0523 5964	NdisTapi - ok
16:09:02.0538 5964    Ndisuio 		(136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:09:02.0569 5964	Ndisuio - ok
16:09:02.0585 5964	NdisWan 		(53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:09:02.0632 5964	NdisWan - ok
16:09:02.0647 5964    NDProxy 		(015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:09:02.0679 5964	NDProxy - ok
16:09:02.0710 5964    NetBIOS 		(86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:09:02.0741 5964	NetBIOS - ok
16:09:02.0772 5964    NetBT   		(09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:09:02.0803 5964	NetBT - ok
16:09:02.0991 5964    NETwNs64        (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:09:03.0069 5964	NETwNs64 - ok
16:09:03.0100 5964    nfrd960 		(77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:09:03.0115 5964	nfrd960 - ok
16:09:03.0147 5964    NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:09:03.0147 5964	NisDrv - ok
16:09:03.0178 5964    nmwcd   		(907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
16:09:03.0225 5964	nmwcd - ok
16:09:03.0256 5964    nmwcdc          (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
16:09:03.0271 5964	nmwcdc - ok
16:09:03.0303 5964    Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:09:03.0349 5964	Npfs - ok
16:09:03.0365 5964    nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:09:03.0396 5964	nsiproxy - ok
16:09:03.0490 5964    Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:09:03.0521 5964	Ntfs - ok
16:09:03.0537 5964    Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:09:03.0568 5964	Null - ok
16:09:03.0599 5964    nusb3hub        (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:09:03.0646 5964	nusb3hub - ok
16:09:03.0693 5964    nusb3xhc        (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:09:03.0739 5964	nusb3xhc - ok
16:09:03.0771 5964    NVHDA   		(10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
16:09:03.0802 5964	NVHDA - ok
16:09:03.0833 5964    nvkflt          (63bcd806f51c31159193697f306feb7f) C:\Windows\system32\DRIVERS\nvkflt.sys
16:09:03.0849 5964	nvkflt - ok
16:09:04.0114 5964    nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:09:04.0254 5964	nvlddmkm - ok
16:09:04.0285 5964    nvoclk64        (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
16:09:04.0285 5964	nvoclk64 - ok
16:09:04.0317 5964    nvpciflt    	(682ea9ed3399d6066f0daecf7938727e) C:\Windows\system32\DRIVERS\nvpciflt.sys
16:09:04.0317 5964	nvpciflt - ok
16:09:04.0363 5964    nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:09:04.0395 5964	nvraid - ok
16:09:04.0441 5964    nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:09:04.0457 5964	nvstor - ok
16:09:04.0488 5964    nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:09:04.0504 5964	nv_agp - ok
16:09:04.0519 5964    ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:09:04.0551 5964	ohci1394 - ok
16:09:04.0582 5964    Parport 		(0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:09:04.0597 5964	Parport - ok
16:09:04.0629 5964    partmgr 		(871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:09:04.0629 5964	partmgr - ok
16:09:04.0644 5964	pccsmcfd - ok
16:09:04.0675 5964    pci 			(94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:09:04.0691 5964	pci - ok
16:09:04.0707 5964    pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:09:04.0707 5964	pciide - ok
16:09:04.0738 5964    pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:09:04.0753 5964	pcmcia - ok
16:09:04.0769 5964    pcw 			(d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:09:04.0785 5964	pcw - ok
16:09:04.0816 5964    PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:09:04.0878 5964	PEAUTH - ok
16:09:04.0941 5964    Point64 		(4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
16:09:04.0956 5964	Point64 - ok
16:09:04.0987 5964	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:09:05.0050 5964	PptpMiniport - ok
16:09:05.0065 5964    Processor   	(0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:09:05.0081 5964	Processor - ok
16:09:05.0097 5964    Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:09:05.0128 5964	Psched - ok
16:09:05.0175 5964    PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:09:05.0206 5964	PxHlpa64 - ok
16:09:05.0237 5964    qicflt          (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
16:09:05.0253 5964	qicflt - ok
16:09:05.0315 5964    ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:09:05.0346 5964	ql2300 - ok
16:09:05.0362 5964	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:09:05.0362 5964	ql40xx - ok
16:09:05.0393 5964    QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:09:05.0393 5964	QWAVEdrv - ok
16:09:05.0440 5964    radpms          (58435613c2537715a9423597ec6635cc) C:\Windows\system32\DRIVERS\radpms.sys
16:09:05.0455 5964	radpms - ok
16:09:05.0471 5964    RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:09:05.0533 5964	RasAcd - ok
16:09:05.0549 5964	RasAgileVpn 	(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:09:05.0580 5964	RasAgileVpn - ok
16:09:05.0596 5964    Rasl2tp 		(471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:09:05.0627 5964	Rasl2tp - ok
16:09:05.0658 5964    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:09:05.0674 5964	RasPppoe - ok
16:09:05.0689 5964    RasSstp 		(e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:09:05.0736 5964	RasSstp - ok
16:09:05.0767 5964    rdbss   		(77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:09:05.0799 5964	rdbss - ok
16:09:05.0814 5964    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:09:05.0830 5964	rdpbus - ok
16:09:05.0830 5964    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:09:05.0877 5964	RDPCDD - ok
16:09:05.0892 5964    RDPDR   		(1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:09:05.0939 5964	RDPDR - ok
16:09:05.0970 5964    RDPENCDD    	(bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:09:06.0017 5964	RDPENCDD - ok
16:09:06.0033 5964    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:09:06.0064 5964	RDPREFMP - ok
16:09:06.0079 5964	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:09:06.0126 5964	RdpVideoMiniport - ok
16:09:06.0142 5964    RDPWD   		(15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:09:06.0189 5964	RDPWD - ok
16:09:06.0220 5964    rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:09:06.0220 5964	rdyboost - ok
16:09:06.0267 5964    RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:09:06.0282 5964	RFCOMM - ok
16:09:06.0298 5964    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:09:06.0329 5964	rspndr - ok
16:09:06.0376 5964	RTL8167 		(9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:09:06.0407 5964	RTL8167 - ok
16:09:06.0438 5964    s3cap   		(e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:09:06.0454 5964	s3cap - ok
16:09:06.0485 5964    sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:09:06.0501 5964	sbp2port - ok
16:09:06.0532 5964    scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:09:06.0579 5964	scfilter - ok
16:09:06.0625 5964    sdbus   		(111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
16:09:06.0641 5964	sdbus - ok
16:09:06.0672 5964    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:09:06.0719 5964	secdrv - ok
16:09:06.0735 5964    Serenum 		(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:09:06.0750 5964	Serenum - ok
16:09:06.0781 5964    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:09:06.0813 5964	Serial - ok
16:09:06.0828 5964    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:09:06.0859 5964	sermouse - ok
16:09:06.0891 5964    sffdisk 		(a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:09:06.0922 5964	sffdisk - ok
16:09:06.0937 5964    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:09:06.0969 5964	sffp_mmc - ok
16:09:06.0969 5964    sffp_sd 		(dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:09:07.0000 5964	sffp_sd - ok
16:09:07.0015 5964    sfloppy 		(a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:09:07.0031 5964	sfloppy - ok
16:09:07.0062 5964    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:09:07.0078 5964	SiSRaid2 - ok
16:09:07.0093 5964    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:09:07.0109 5964	SiSRaid4 - ok
16:09:07.0140 5964    Smb 			(548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:09:07.0187 5964	Smb - ok
16:09:07.0203 5964    spldr   		(b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:09:07.0218 5964	spldr - ok
16:09:07.0265 5964    srv 			(441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:09:07.0312 5964	srv - ok
16:09:07.0327 5964    srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:09:07.0343 5964	srv2 - ok
16:09:07.0374 5964    srvnet      	(27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:09:07.0405 5964	srvnet - ok
16:09:07.0452 5964    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:09:07.0468 5964	stexstor - ok
16:09:07.0515 5964    StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:09:07.0546 5964	StillCam - ok
16:09:07.0593 5964    storflt 		(7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:09:07.0608 5964	storflt - ok
16:09:07.0624 5964    storvsc 		(d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:09:07.0639 5964	storvsc - ok
16:09:07.0655 5964    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:09:07.0671 5964	swenum - ok
16:09:07.0686 5964	Synth3dVsc      (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
16:09:07.0702 5964	Synth3dVsc - ok
16:09:07.0764 5964    SynTP   		(5e3b232a614339399acc71fa3aaaaa6b) C:\Windows\system32\DRIVERS\SynTP.sys
16:09:07.0811 5964	SynTP - ok
16:09:07.0889 5964    Tcpip   		(fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:09:07.0936 5964	Tcpip - ok
16:09:07.0983 5964    TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:09:07.0998 5964	TCPIP6 - ok
16:09:08.0014 5964    tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:09:08.0045 5964	tcpipreg - ok
16:09:08.0076 5964    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:09:08.0092 5964	TDPIPE - ok
16:09:08.0107 5964    TDTCP   		(e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:09:08.0139 5964	TDTCP - ok
16:09:08.0170 5964    tdx 			(ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:09:08.0185 5964	tdx - ok
16:09:08.0232 5964	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
16:09:08.0248 5964	teamviewervpn - ok
16:09:08.0263 5964    TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:09:08.0279 5964	TermDD - ok
16:09:08.0295 5964    terminpt        (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
16:09:08.0326 5964	terminpt - ok
16:09:08.0357 5964    tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:09:08.0404 5964	tssecsrv - ok
16:09:08.0419 5964    TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:09:08.0435 5964	TsUsbFlt - ok
16:09:08.0451 5964    TsUsbGD 		(9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:09:08.0466 5964	TsUsbGD - ok
16:09:08.0497 5964    tsusbhub        (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
16:09:08.0513 5964	tsusbhub - ok
16:09:08.0529 5964    tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:09:08.0591 5964	tunnel - ok
16:09:08.0622 5964    TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
16:09:08.0638 5964	TurboB - ok
16:09:08.0669 5964    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:09:08.0669 5964	uagp35 - ok
16:09:08.0700 5964    udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:09:08.0747 5964	udfs - ok
16:09:08.0763 5964    uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:09:08.0778 5964	uliagpkx - ok
16:09:08.0794 5964    umbus   		(dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:09:08.0825 5964	umbus - ok
16:09:08.0841 5964    UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:09:08.0872 5964	UmPass - ok
16:09:08.0919 5964	upperdev        (4e93c8496359e97830c75ac36393654d) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:09:08.0934 5964	upperdev - ok
16:09:08.0981 5964    usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:09:09.0028 5964	usbaudio - ok
16:09:09.0059 5964    usbccgp 		(6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:09:09.0090 5964	usbccgp - ok
16:09:09.0121 5964    usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:09:09.0137 5964	usbcir - ok
16:09:09.0184 5964    usbehci 		(c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:09:09.0199 5964	usbehci - ok
16:09:09.0231 5964    usbhub      	(287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:09:09.0246 5964	usbhub - ok
16:09:09.0277 5964    usbohci 		(9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:09:09.0293 5964	usbohci - ok
16:09:09.0324 5964    usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:09:09.0340 5964	usbprint - ok
16:09:09.0387 5964    usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:09:09.0387 5964	usbser - ok
16:09:09.0418 5964	UsbserFilt      (8844cb19a37b65e27049d4a7786726a9) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:09:09.0465 5964	UsbserFilt - ok
16:09:09.0480 5964    USBSTOR 		(fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:09:09.0511 5964	USBSTOR - ok
16:09:09.0543 5964    usbuhci 		(62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:09:09.0574 5964	usbuhci - ok
16:09:09.0605 5964    usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:09:09.0636 5964	usbvideo - ok
16:09:09.0667 5964    vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:09:09.0683 5964	vdrvroot - ok
16:09:09.0714 5964    vga 			(da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:09:09.0730 5964	vga - ok
16:09:09.0745 5964    VgaSave 		(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:09:09.0792 5964	VgaSave - ok
16:09:09.0808 5964	VGPU - ok
16:09:09.0823 5964    vhdmp   		(2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:09:09.0839 5964	vhdmp - ok
16:09:09.0839 5964    viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:09:09.0855 5964	viaide - ok
16:09:09.0886 5964    vmbus   		(86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:09:09.0886 5964	vmbus - ok
16:09:09.0917 5964    VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:09:09.0933 5964	VMBusHID - ok
16:09:09.0948 5964    volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:09:09.0964 5964	volmgr - ok
16:09:09.0979 5964    volmgrx 		(a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:09:09.0995 5964	volmgrx - ok
16:09:10.0011 5964    volsnap 		(0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:09:10.0011 5964	volsnap - ok
16:09:10.0026 5964    vsmraid 		(5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:09:10.0042 5964	vsmraid - ok
16:09:10.0057 5964    vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:09:10.0073 5964	vwifibus - ok
16:09:10.0089 5964    vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:09:10.0104 5964	vwififlt - ok
16:09:10.0135 5964    vwifimp 		(6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:09:10.0151 5964	vwifimp - ok
16:09:10.0167 5964    WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:09:10.0198 5964	WacomPen - ok
16:09:10.0213 5964    WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:09:10.0260 5964	WANARP - ok
16:09:10.0260 5964    Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:09:10.0291 5964	Wanarpv6 - ok
16:09:10.0307 5964    Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:09:10.0323 5964	Wd - ok
16:09:10.0354 5964    WDC_SAM 		(a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:09:10.0369 5964	WDC_SAM ( UnsignedFile.Multi.Generic ) - warning
16:09:10.0369 5964	WDC_SAM - detected UnsignedFile.Multi.Generic (1)
16:09:11.0539 5964    ============================================================
16:09:11.0539 5964	Scan finished
16:09:11.0539 5964    ============================================================
16:09:11.0555 1968	Detected object count: 1
16:09:11.0555 1968	Actual detected object count: 1
16:10:24.0257 1968	WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:24.0257 1968	WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:10:32.0713 0400	Deinitialize success

aswMBR Results:


First scan failed (the program froze in the middle of the process); the most recent lines were:

16:17:33.935 AVAST engine scan C:\Womdpws\system32
16.19.20.530 Scanning: C:\Windows\Assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.[rest of line unreadable]

Same error the second time; I've attached a screenshot of the crash so there's no confusion.

aswMBR.png

Malwarebytes Log File:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.02.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sam :: XPS [administrator]

Realtime bescherming: Ingeschakeld

22/02/2012 16:34:33
mbam-log-2012-02-22 (16-34-33).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden  en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 271364
Verstreken tijd: 1 minuut/minuten, 57 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1
HKCU\Software\Microsoft|ld_done1 (Malware.Trace) -> Data: 1329154725 -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

I can translate it if you want.

OTL Log Files:

Here is the first one:

OTL logfile created on: 22/02/2012 16:42:16 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

7,90 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,45% Memory free
15,79 Gb Paging File | 12,97 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 289,61 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 190,05 Gb Free Space | 40,80% Space Free | Partition Type: NTFS
Drive E: | 7,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: XPS | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 08:21:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL\OTL.exe
PRC - [2012/02/03 20:56:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/02 08:33:22 | 002,998,592 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011/03/30 08:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/03 10:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 16:09:25 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 17:19:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:18:48 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 17:18:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 17:18:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:18:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:18:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:18:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 08:48:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/10/13 08:08:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/13 00:33:28 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/10 23:10:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/20 18:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 08:26:45 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/03 20:56:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/03 11:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 11:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 10:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/07 18:22:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/10/31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/15 09:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011/10/15 09:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/24 00:03:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/19 14:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/07 12:33:42 | 000,014,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV:64bit: - [2011/04/07 12:33:40 | 000,015,568 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 04:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/04 02:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010/10/19 17:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/23 16:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/02 02:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/11 02:14:42 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Sam\AppData\Local\Spoon\3.32.1.5\npMozillaSpoonPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 16:09:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/07 01:43:45 | 000,000,000 | ---D | M]

[2011/10/16 17:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2011/10/16 17:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/02/18 08:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions
[2012/02/18 08:39:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/01/06 16:22:01 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/02/18 08:39:10 | 000,000,000 | ---D | M] (Dictionnaires français) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/01/31 14:08:01 | 000,000,000 | ---D | M] (rein) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2011/11/18 12:42:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\xqhe8rpc.default\extensions\[email protected]
[2012/01/03 17:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/18 16:09:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/03 17:28:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/03 17:28:25 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/01/03 17:28:25 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/01/03 17:28:25 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/02/22 15:49:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C303EEE4-A7FA-4C58-8D90-BFF878F38DA9}: DhcpNameServer = 195.130.131.11 195.130.130.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/17 21:55:25 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/02/17 21:55:34 | 003,057,784 | R--- | M] (UBISOFT) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/02/17 21:39:07 | 000,231,798 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/02/17 21:39:07 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/22 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2012/02/22 16:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/22 16:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 16:33:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/22 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/22 16:26:13 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2012/02/22 16:18:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/19 17:54:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ElevatedDiagnostics
[2012/02/15 06:47:01 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 06:46:59 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 06:46:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 06:46:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 08:30:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/14 08:30:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/14 08:30:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/14 08:30:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/14 08:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/14 08:02:46 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\QuickScan
[2012/02/14 07:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/14 07:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/13 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\www
[2012/02/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2012/02/10 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/02/10 18:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/02/10 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2012/02/10 11:38:03 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2012/02/10 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/02/08 15:15:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Creative Boxes
[2012/02/08 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Sun
[2012/02/08 14:04:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\.netbeans-derby
[2012/02/08 10:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
[2012/02/08 10:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/02/08 10:30:34 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/02/08 10:30:33 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/02/08 10:30:33 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/02/08 10:30:32 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/02/08 10:30:32 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/02/08 10:30:27 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/02/08 10:30:25 | 002,518,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/02/08 10:30:25 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/02/08 10:30:23 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll
[2012/02/08 10:30:23 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/02/08 10:30:22 | 003,201,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/02/08 10:30:21 | 001,881,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/02/08 10:30:21 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/02/08 10:30:21 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/02/08 10:30:20 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/02/08 10:30:20 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/02/08 10:30:19 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/02/08 10:30:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/02/08 10:30:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/02/08 10:30:17 | 001,501,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat
[2012/02/08 10:30:17 | 000,097,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/02/08 10:30:12 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2012/02/08 10:30:12 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2012/02/08 10:30:11 | 000,886,360 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2012/02/08 10:30:11 | 000,746,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012/02/08 10:30:11 | 000,561,240 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2012/02/08 10:30:11 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2012/02/08 10:30:11 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2012/02/08 10:30:10 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/02/08 10:30:10 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012/02/08 10:30:10 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/02/08 10:30:09 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/02/08 10:30:09 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/02/08 10:30:09 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/02/08 10:29:52 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/02/08 10:29:51 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/02/08 10:29:50 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/02/08 10:29:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/02/08 10:29:48 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/02/08 10:29:46 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/02/08 10:29:44 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/02/08 10:29:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/02/08 10:29:42 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/02/08 10:29:41 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/02/08 10:29:38 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/02/08 10:29:35 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/02/08 10:29:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/02/08 10:29:27 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/02/08 10:29:26 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/02/08 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/02/08 10:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2012/02/07 20:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/07 20:32:10 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/02/07 19:21:08 | 000,015,568 | ---- | C] (MaxiVista) -- C:\Windows\SysNative\drivers\mvCmdemo.SYS
[2012/02/07 19:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiVista Demo Server
[2012/02/07 19:20:22 | 000,039,120 | ---- | C] (Maxivsta) -- C:\Windows\SysNative\mvvideodemo.dll
[2012/02/07 19:20:22 | 000,014,544 | ---- | C] (MaxiVista) -- C:\Windows\SysNative\drivers\mvvideodemo.sys
[2012/02/07 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\MaxiVista Demo Server
[2012/02/07 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/02/07 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/02/03 20:56:03 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2012/02/01 00:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012/02/01 00:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/01/30 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\VOS
[2012/01/30 16:53:02 | 000,000,000 | ---D | C] -- C:\.netbeans
[2012/01/28 14:54:35 | 000,000,000 | ---D | C] -- C:\MyGame

========== Files - Modified Within 30 Days ==========

[2012/02/22 16:39:03 | 000,100,953 | ---- | M] () -- C:\Users\Sam\Desktop\malawarebytes.png
[2012/02/22 16:33:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 16:31:16 | 000,134,029 | ---- | M] () -- C:\Users\Sam\Desktop\aswMBR.png
[2012/02/22 16:11:21 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2012/02/22 15:49:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/22 15:33:43 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 15:33:43 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 15:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/19 18:45:43 | 001,678,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/19 18:45:43 | 000,748,464 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/02/19 18:45:43 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/19 18:45:43 | 000,154,538 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/02/19 18:45:43 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/19 18:15:54 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/19 10:32:37 | 004,904,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/18 09:07:31 | 000,007,640 | ---- | M] () -- C:\Users\Sam\AppData\Local\resmon.resmoncfg
[2012/02/14 08:06:25 | 000,000,036 | ---- | M] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012/02/14 07:57:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/14 07:56:58 | 001,700,724 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/13 18:39:02 | 000,102,400 | RHS- | M] () -- C:\Windows\SysWow64\Dism8.dll
[2012/02/12 18:50:54 | 000,001,130 | ---- | M] () -- C:\Users\Sam\Desktop\Team Server RC.lnk
[2012/02/11 00:58:36 | 000,001,582 | ---- | M] () -- C:\Users\Sam\Desktop\Team Server Final.lnk
[2012/02/10 18:45:05 | 000,001,351 | ---- | M] () -- D:\Documents\AutoHotkey.ahk
[2012/02/10 11:38:09 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/08 10:31:14 | 000,074,452 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2012/02/08 10:28:38 | 000,018,980 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/02/07 20:32:07 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/02/07 20:32:07 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/02/07 20:32:07 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/02/07 19:24:32 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\OutN64proc64.dll
[2012/02/07 19:24:32 | 000,000,001 | ---- | M] () -- C:\Windows\SysNative\InN64proc64.dll
[2012/02/04 20:55:14 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2012/02/03 20:56:06 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/03 20:56:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/01 11:28:47 | 000,001,014 | ---- | M] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[2012/02/01 11:28:47 | 000,000,994 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/29 13:16:40 | 000,000,478 | ---- | M] () -- C:\project.ini
[2012/01/27 13:38:30 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/02/22 16:39:03 | 000,100,953 | ---- | C] () -- C:\Users\Sam\Desktop\malawarebytes.png
[2012/02/22 16:33:27 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 16:31:16 | 000,134,029 | ---- | C] () -- C:\Users\Sam\Desktop\aswMBR.png
[2012/02/19 10:32:21 | 004,904,008 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 08:30:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/14 08:30:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/14 08:30:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/14 08:30:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/14 08:30:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/14 08:06:25 | 000,000,036 | ---- | C] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012/02/14 07:56:55 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/13 23:37:15 | 000,007,640 | ---- | C] () -- C:\Users\Sam\AppData\Local\resmon.resmoncfg
[2012/02/13 18:39:02 | 000,102,400 | RHS- | C] () -- C:\Windows\SysWow64\Dism8.dll
[2012/02/12 18:50:54 | 000,001,130 | ---- | C] () -- C:\Users\Sam\Desktop\Team Server RC.lnk
[2012/02/11 00:58:36 | 000,001,582 | ---- | C] () -- C:\Users\Sam\Desktop\Team Server Final.lnk
[2012/02/10 18:45:05 | 000,001,351 | ---- | C] () -- D:\Documents\AutoHotkey.ahk
[2012/02/10 11:38:09 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/02/10 11:38:09 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/07 19:24:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\OutN64proc64.dll
[2012/02/07 19:24:32 | 000,000,001 | ---- | C] () -- C:\Windows\SysNative\InN64proc64.dll
[2012/02/03 20:56:06 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/03 20:56:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/29 13:16:40 | 000,000,478 | ---- | C] () -- C:\project.ini
[2012/01/08 21:51:41 | 000,000,131 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\CairoAppConfig.xml
[2012/01/08 21:50:38 | 000,000,210 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\CairoStacksConfig.xml
[2011/12/25 23:37:00 | 000,000,600 | ---- | C] () -- C:\Users\Sam\AppData\Local\PUTTY.RND
[2011/12/25 18:31:36 | 000,016,410 | ---- | C] () -- C:\Windows\UN900119.INI
[2011/12/24 13:29:52 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/12/24 13:29:51 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/24 13:29:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/04 17:19:00 | 000,117,332 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/06 21:35:13 | 000,000,132 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/17 20:08:29 | 000,062,299 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011/09/16 18:03:19 | 000,208,000 | ---- | C] () -- C:\Windows\hpoins31.dat
[2011/09/16 18:03:19 | 000,000,873 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2011/08/28 19:00:45 | 000,050,688 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 22:46:24 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/25 22:46:24 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2011/08/23 18:30:21 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2011/08/23 18:16:47 | 001,700,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/23 17:42:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/23 17:42:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/12/01 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2012/02/04 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.purple
[2011/10/06 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Adobe
[2011/10/06 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Adobe Mini Bridge CS5
[2011/10/23 00:01:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/08 15:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Creative Boxes
[2012/02/07 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2012/02/22 15:28:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/09/05 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2011/09/19 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\HP
[2011/12/25 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\HpUpdate
[2011/08/23 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Identities
[2011/09/01 12:48:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image-Line
[2011/08/23 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\InstallShield
[2011/12/25 13:41:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Intel
[2011/08/23 16:51:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Intel Corporation
[2011/10/23 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2011/08/23 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Macromedia
[2012/02/22 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2010/11/21 08:16:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Media Center Programs
[2012/02/12 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MediaMonkey
[2012/01/10 21:50:31 | 000,000,000 | --SD | M] -- C:\Users\Sam\AppData\Roaming\Microsoft
[2011/08/23 16:32:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla
[2011/08/28 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\My Battle for Middle-earth™ II Files
[2011/08/25 21:35:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012/01/07 02:15:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia
[2012/01/07 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia Ovi Suite
[2012/01/07 02:15:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nokia Suite
[2012/02/07 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Notepad++
[2011/12/15 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NVIDIA
[2011/08/28 18:50:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PC Suite
[2011/10/16 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Prism
[2012/02/03 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2012/02/14 08:02:52 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\QuickScan
[2012/02/22 15:37:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Racket
[2012/02/07 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Skype
[2011/08/28 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SPORE
[2012/02/08 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sun
[2011/08/23 17:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2011/08/29 11:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\The Creative Assembly
[2011/08/28 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2011/11/06 14:06:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\vlc
[2012/01/30 23:52:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\VOS
[2011/08/25 21:31:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\WinRAR


< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/18 16:09:25 | 000,836,544 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/18 16:09:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"

< %systemroot%\system32\*.dll /lockedfiles >
[2012/02/13 18:39:02 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\Dism8.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
And the second one:

OTL Extras logfile created on: 22/02/2012 16:42:16 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

7,90 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,45% Memory free
15,79 Gb Paging File | 12,97 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 289,61 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 190,05 Gb Free Space | 40,80% Space Free | Partition Type: NTFS
Drive E: | 7,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: XPS | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.12
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio-stuurprogramma 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technologie monitor 2.0
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client NL-NL Language Pack
"{E5A24F8D-40E1-45CB-B509-81186D795735}" = HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{543BDDCD-E230-4F37-881B-4900B833BBD7}" = C6300
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE9B20A-6C15-48A3-99A5-02C9A3E389EF}" = PS_AIO_04_C6300_Software_Min
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0413-1000-0000000FF1CE}_Office14.PROPLUSR_{B9427E36-0B0A-48F4-8A51-1C178708A28E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DC525714-3134-4749-A39F-E3216A4FF9BD}" = Halo CE Cracked Setup
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E01AE623-07FB-4E38-8CCA-8E10B86BE851}" = Rome - Total War
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"AutoHotkey" = AutoHotkey 1.1.05.06
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"FL Studio 10" = FL Studio 10
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IronScheme" = IronScheme 1.0-RC5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"Plants vs. Zombies" = Plants vs. Zombies
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Racket-5.2" = Racket v5.2
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 440" = Team Fortress 2
"Steam App 9350" = Supreme Commander
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2012 16:15:52 | Computer Name = XPS | Source = Outlook | ID = 35
Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
bevindt (fout=0x8007043c).

Error - 13/02/2012 16:15:52 | Computer Name = XPS | Source = Outlook | ID = 35
Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
bevindt (fout=0x8007043c).

Error - 13/02/2012 18:23:08 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2012 2:40:40 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2012 3:27:14 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2012 11:36:23 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 14/02/2012 11:46:10 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 15/02/2012 12:16:42 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 15/02/2012 13:02:03 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

Error - 16/02/2012 2:40:25 | Computer Name = XPS | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 26/08/2011 10:22:47 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 16:19:03 - Fout bij verbinden met internet. 16:19:03 - Kan geen
contact maken met server..

Error - 9/09/2011 5:37:01 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 11:37:01 - Fout bij verbinden met internet. 11:37:01 - Kan geen
contact maken met server..

Error - 9/09/2011 5:37:38 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 11:37:31 - Fout bij verbinden met internet. 11:37:31 - Kan geen
contact maken met server..

Error - 13/09/2011 17:40:47 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 23:40:47 - Fout bij verbinden met internet. 23:40:47 - Kan geen
contact maken met server..

Error - 13/09/2011 17:41:00 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 23:40:52 - Fout bij verbinden met internet. 23:40:52 - Kan geen
contact maken met server..

Error - 14/09/2011 3:58:24 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 9:58:24 - Fout bij verbinden met internet. 9:58:24 - Kan geen contact
maken met server..

Error - 14/09/2011 3:58:38 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 9:58:29 - Fout bij verbinden met internet. 9:58:29 - Kan geen contact
maken met server..

Error - 16/09/2011 10:44:59 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 16:44:58 - Fout bij verbinden met internet. 16:44:58 - Kan geen
contact maken met server..

Error - 22/10/2011 11:45:36 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 17:45:36 - Fout bij verbinden met internet. 17:45:36 - Kan geen
contact maken met server..

Error - 22/10/2011 11:45:53 | Computer Name = XPS | Source = MCUpdate | ID = 0
Description = 17:45:42 - Fout bij verbinden met internet. 17:45:42 - Kan geen
contact maken met server..

[ System Events ]
Error - 23/11/2011 17:14:31 | Computer Name = XPS | Source = Microsoft Antimalware | ID = 3002
Description = Real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. Onderdeel: %%835 Foutcode: 0x80004005 Foutbeschrijving: Niet
nader omschreven fout Reden: %%842

Error - 23/11/2011 19:16:52 | Computer Name = XPS | Source = Service Control Manager | ID = 7000
Description = De LogMeIn Kernel Information Provider-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 23/11/2011 19:16:55 | Computer Name = XPS | Source = Microsoft Antimalware | ID = 3002
Description = Real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. Onderdeel: %%835 Foutcode: 0x80004005 Foutbeschrijving: Niet
nader omschreven fout Reden: %%842

Error - 24/11/2011 4:21:30 | Computer Name = XPS | Source = Service Control Manager | ID = 7000
Description = De LogMeIn Kernel Information Provider-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 24/11/2011 4:21:43 | Computer Name = XPS | Source = Microsoft Antimalware | ID = 3002
Description = Real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. Onderdeel: %%835 Foutcode: 0x80004005 Foutbeschrijving: Niet
nader omschreven fout Reden: %%842

Error - 24/11/2011 4:32:13 | Computer Name = XPS | Source = bowser | ID = 8003
Description =

Error - 24/11/2011 9:08:46 | Computer Name = XPS | Source = Service Control Manager | ID = 7000
Description = De LogMeIn Kernel Information Provider-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 24/11/2011 9:08:59 | Computer Name = XPS | Source = Microsoft Antimalware | ID = 3002
Description = Real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. Onderdeel: %%835 Foutcode: 0x80004005 Foutbeschrijving: Niet
nader omschreven fout Reden: %%842

Error - 24/11/2011 11:18:52 | Computer Name = XPS | Source = bowser | ID = 8003
Description =

Error - 24/11/2011 11:58:55 | Computer Name = XPS | Source = bowser | ID = 8003
Description =


< End of report >


VEW Results

VEW ran successfully, but the logfile couldn't be opened (screenshots attached). I've tried looking for it manually in C:\, but I found nothing.

vew-1.png vew-2.png

I am starting to think that it might be easier if I just reinstall my computer (at least I know how to do that). Besides, doing a fresh install of Win7 will get rid of some old games and programmes I no longer need.
The only thing that is holding me back is that I'm not very keen to reconfigure my entire PC and I sometimes tend to forget to back up files before reinstalling, which I afterwards have to retrieve with some file-recovery tool.
So basically: do you think this problem is manageable when you read log files, or would it save us both a lot of time if I simply did a fresh reinstall instead?


Edited by Sam Vervaeck, 22 February 2012 - 03:07 PM.

  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Reinstall is always an option but I think this one is not so bad.

Please do not quote or code the logs. Makes them harder to read. Just copy and paste.

I'm fluent in German and even took a course in Dutch once so I can puzzle it out.


Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
[2012/02/13 18:39:02 | 000,102,400 | RHS- | C] () -- C:\Windows\SysWow64\Dism8.dll
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2011/08/23 18:30:21 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2011/08/23 18:30:21 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2011/08/23 18:30:21 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2011/08/23 18:30:21 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2011/08/23 18:30:21 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast by right clicking and Run As Admin. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

See if you can find aswboot.txt in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or C:\ProgramData\Avast Software\Avast5\report\aswboot.txt


Ron
  • 0

#6
Sam Vervaeck

    Member

  • Topic Starter
  • 10 posts
Ok understood; here's the first one (MBRCheck):

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell System XPS L702X
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 228):
0x0241C000 \SystemRoot\system32\ntoskrnl.exe
0x02A05000 \SystemRoot\system32\hal.dll
0x022BF000 \SystemRoot\system32\kdcom.dll
0x00C19000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C68000 \SystemRoot\system32\PSHED.dll
0x00C7C000 \SystemRoot\system32\CLFS.SYS
0x00CDA000 \SystemRoot\system32\CI.dll
0x00EF8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F9C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00EC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00ED4000 \SystemRoot\system32\drivers\volmgr.sys
0x00D9A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FAB000 \SystemRoot\System32\drivers\mountmgr.sys
0x0101A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0116E000 \SystemRoot\system32\drivers\atapi.sys
0x01177000 \SystemRoot\system32\drivers\ataport.SYS
0x011A1000 \SystemRoot\system32\drivers\msahci.sys
0x011AC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011BC000 \SystemRoot\system32\drivers\amdxata.sys
0x0127C000 \SystemRoot\system32\drivers\fltmgr.sys
0x012C8000 \SystemRoot\system32\drivers\fileinfo.sys
0x012DC000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01425000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012E8000 \SystemRoot\System32\Drivers\msrpc.sys
0x015C8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01346000 \SystemRoot\System32\Drivers\cng.sys
0x015E3000 \SystemRoot\System32\drivers\pcw.sys
0x015F4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016A4000 \SystemRoot\system32\drivers\ndis.sys
0x01797000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0185B000 \SystemRoot\System32\drivers\tcpip.sys
0x01A5F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AA9000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01AB9000 \SystemRoot\system32\drivers\volsnap.sys
0x01B05000 \SystemRoot\System32\Drivers\spldr.sys
0x01B0D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B47000 \SystemRoot\system32\DRIVERS\nvpciflt.sys
0x01B51000 \SystemRoot\System32\Drivers\mup.sys
0x01B63000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B6C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BA6000 \SystemRoot\system32\drivers\disk.sys
0x01BBC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x03013000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x03059000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01800000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x03083000 \SystemRoot\System32\Drivers\Null.SYS
0x0308C000 \SystemRoot\System32\Drivers\Beep.SYS
0x03093000 \SystemRoot\System32\drivers\vga.sys
0x01831000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0162B000 \SystemRoot\System32\drivers\watchdog.sys
0x031F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0163B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01644000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0164D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01658000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01669000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0168B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x05824000 \SystemRoot\system32\drivers\afd.sys
0x058AD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x058F2000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x058FD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x05906000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0592C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x05942000 \SystemRoot\system32\DRIVERS\netbios.sys
0x05951000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0596C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x05980000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x013B8000 \SystemRoot\system32\DRIVERS\nvkflt.sys
0x03252000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03346000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0338C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03398000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x033A3000 \SystemRoot\System32\drivers\discache.sys
0x05C7A000 \SystemRoot\system32\drivers\csc.sys
0x05CFD000 \SystemRoot\System32\Drivers\dfsc.sys
0x05D1B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x05D2C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x05D52000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x06A36000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05E48000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x05E00000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05E11000 \SystemRoot\system32\drivers\usbehci.sys
0x076AD000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05E22000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x07800000 \SystemRoot\system32\DRIVERS\AVer7231_x64.sys
0x079B8000 \SystemRoot\system32\DRIVERS\ks.sys
0x079FB000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x07703000 \SystemRoot\system32\drivers\ksthunk.sys
0x07ADA000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x08362000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0836F000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x083A8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07A00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x07A8D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x07AAB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x08486000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x085E0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x085EF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x08400000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x08416000 \SystemRoot\system32\DRIVERS\AMPPAL.sys
0x0844C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0845C000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x08463000 \SystemRoot\system32\DRIVERS\mvvideodemo.sys
0x0846B000 \SystemRoot\system32\DRIVERS\serscan.sys
0x07ABA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x083AA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x08473000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x083CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x07709000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x07724000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x07745000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0775F000 \SystemRoot\system32\DRIVERS\teamviewervpn.sys
0x085F4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0847F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0776C000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0777E000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
0x0778E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x077A0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06A00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0A82C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0AB18000 \SystemRoot\system32\drivers\portcls.sys
0x0AB55000 \SystemRoot\system32\drivers\drmk.sys
0x0AB77000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x0ABCA000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x0ABE6000 \SystemRoot\System32\drivers\Dxapi.sys
0x0A800000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06A15000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05D5B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0A81D000 \SystemRoot\system32\DRIVERS\qicflt.sys
0x0ABF2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x030A1000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05D89000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05D9C000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07AD0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05DAE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05DBC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05DD5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05DE3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05DF0000 \SystemRoot\system32\DRIVERS\point64.sys
0x05C00000 \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
0x05C15000 \SystemRoot\system32\DRIVERS\btmhsf.sys
0x05C5E000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x2027A000 \SystemRoot\System32\Drivers\bthport.sys
0x20306000 \SystemRoot\system32\DRIVERS\monitor.sys
0x20314000 \SystemRoot\system32\DRIVERS\radpms.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x006B0000 \SystemRoot\System32\cdd.dll
0x2031B000 \SystemRoot\system32\drivers\luafv.sys
0x2033E000 \SystemRoot\system32\drivers\WudfPf.sys
0x2035F000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x2038B000 \SystemRoot\system32\drivers\BthEnum.sys
0x2039B000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x203BB000 \SystemRoot\system32\DRIVERS\btmaux.sys
0x203CF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x20200000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x20253000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x203E4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x20266000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x20CBB000 \SystemRoot\system32\drivers\HTTP.sys
0x20D84000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x20D8E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x20DAC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x20DC4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x20C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x20C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x20C72000 \SystemRoot\system32\drivers\nvhda64v.sys
0x20C9F000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x20CB2000 \SystemRoot\System32\Drivers\mvCmdemo.SYS
0x214FF000 \SystemRoot\system32\drivers\peauth.sys
0x215A5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x215B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x215E1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x21400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x21829000 \SystemRoot\System32\DRIVERS\srv.sys
0x218C1000 \SystemRoot\System32\drivers\ipnat.sys
0x218F0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x21926000 \??\C:\Windows\system32\drivers\mbam.sys
0x21930000 \SystemRoot\system32\drivers\spsys.sys
0x76D10000 \Windows\System32\ntdll.dll
0x47940000 \Windows\System32\smss.exe
0xFF030000 \Windows\System32\apisetschema.dll
0xFF320000 \Windows\System32\autochk.exe
0xFF010000 \Windows\System32\nsi.dll
0xFEF40000 \Windows\System32\usp10.dll
0xFEED0000 \Windows\System32\gdi32.dll
0xFEE30000 \Windows\System32\clbcatq.dll
0xFEC50000 \Windows\System32\setupapi.dll
0xFEBF0000 \Windows\System32\Wldap32.dll
0xFEAE0000 \Windows\System32\msctf.dll
0x76C10000 \Windows\System32\user32.dll
0xFE960000 \Windows\System32\urlmon.dll
0xFE830000 \Windows\System32\rpcrt4.dll
0xFE700000 \Windows\System32\wininet.dll
0xFE6F0000 \Windows\System32\lpk.dll
0x76AF0000 \Windows\System32\kernel32.dll
0xFE650000 \Windows\System32\msvcrt.dll
0xFE600000 \Windows\System32\ws2_32.dll
0xFE520000 \Windows\System32\advapi32.dll
0x76EE0000 \Windows\System32\psapi.dll
0x76ED0000 \Windows\System32\normaliz.dll
0xFE4A0000 \Windows\System32\shlwapi.dll
0xFE420000 \Windows\System32\difxapi.dll
0xFD690000 \Windows\System32\shell32.dll
0xFD5F0000 \Windows\System32\comdlg32.dll
0xFD5D0000 \Windows\System32\sechost.dll
0xFD370000 \Windows\System32\iertutil.dll
0xFD350000 \Windows\System32\imagehlp.dll
0xFD140000 \Windows\System32\ole32.dll
0xFD060000 \Windows\System32\oleaut32.dll
0xFD030000 \Windows\System32\imm32.dll
0xFCFC0000 \Windows\System32\KernelBase.dll
0xFCF80000 \Windows\System32\cfgmgr32.dll
0xFCF60000 \Windows\System32\devobj.dll
0xFCEC0000 \Windows\System32\comctl32.dll
0xFCE80000 \Windows\System32\wintrust.dll
0xFCD10000 \Windows\System32\crypt32.dll
0xFCD00000 \Windows\System32\msasn1.dll
0x74DD0000 \Windows\SysWOW64\normaliz.dll

Processes (total 93):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
620 csrss.exe
764 C:\Windows\System32\wininit.exe
788 csrss.exe
820 C:\Windows\System32\services.exe
840 C:\Windows\System32\lsass.exe
848 C:\Windows\System32\lsm.exe
948 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\nvvsvc.exe
132 C:\Windows\System32\svchost.exe
668 C:\Windows\System32\svchost.exe
688 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\audiodg.exe
1156 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\winlogon.exe
1340 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\taskeng.exe
1684 C:\Windows\System32\spoolsv.exe
1708 C:\Windows\System32\rundll32.exe
1740 C:\Windows\System32\svchost.exe
1828 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1916 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1928 C:\Windows\System32\nvvsvc.exe
1124 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1220 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
1412 C:\Windows\System32\svchost.exe
1644 C:\Windows\SysWOW64\svchost.exe
1844 C:\Windows\System32\svchost.exe
1964 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
2092 C:\Windows\System32\svchost.exe
2132 C:\Windows\SysWOW64\PnkBstrA.exe
2204 C:\Windows\System32\svchost.exe
2268 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
2436 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
2464 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
2972 C:\Windows\System32\taskhost.exe
3052 C:\Windows\System32\dwm.exe
2196 C:\Windows\explorer.exe
1416 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
2544 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\alg.exe
3224 C:\Windows\System32\svchost.exe
3340 C:\Windows\System32\svchost.exe
3644 C:\Windows\System32\rundll32.exe
3828 C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
3836 C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
3872 C:\Windows\System32\rundll32.exe
3884 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3996 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3460 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4044 C:\Windows\System32\hkcmd.exe
4084 C:\Windows\System32\igfxpers.exe
4060 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3380 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
4040 C:\Program Files\Microsoft Security Client\msseces.exe
4120 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
4192 C:\Program Files\Windows Sidebar\sidebar.exe
4264 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
4300 C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
4436 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
4460 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
4520 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
4544 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
4588 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
4604 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4996 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
5040 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3604 C:\Windows\System32\SearchIndexer.exe
4176 C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
2916 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4712 C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 WmiPrvSE.exe
4720 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
5264 C:\Windows\System32\SearchProtocolHost.exe
5300 C:\Windows\System32\SearchFilterHost.exe
5364 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5592 C:\Windows\System32\svchost.exe
3108 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
3492 C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
5428 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
4552 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
6008 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
6088 C:\Windows\System32\sppsvc.exe
4200 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
5512 dllhost.exe
1264 dllhost.exe
4932 D:\Downloads\MBRCheck.exe
5340 C:\Windows\System32\conhost.exe
4076 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e8800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: D005SDM1
PhysicalDrive1 Model Number: ST9500420AS, Rev: D005SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Edit: uninstalling MSE now ...

Edited by Sam Vervaeck, 22 February 2012 - 12:12 PM.

  • 0

#7
Sam Vervaeck

    Member

  • Topic Starter
  • 10 posts
Avast! AV scan complete, it found one virus (in one of my old archives), but I think it was a false positive. Still, the file has been moved into quarantine and I'll keep it that way just to be sure.

Here's the logfile:

CmdLine - quick
aswBoot.exe /A:"*" /L:"1043" /heur:80 /RA:chest /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=C:\ProgramData\AVAST Software\Avast
PROG=C:\Program Files\AVAST Software\Avast
BUILD=1367
Windows 7 Ultimate Service Pack 1
SystemRoot=C:\Windows
TEMP=C:\Windows\TEMP
TMP=C:\Windows\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
aswcmnbDllMain
cmnbInit
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"1043" /heur:80 /RA:chest /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
Program folder: C:\Program Files\AVAST Software\Avast
Engine folder: C:\Program Files\AVAST Software\Avast\defs\11112801
TimeStamp: 4ed36e42
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
Global exclusions:
NtSetEvent(g_hInitEvent) - 1
CPU: Phys(4), Log(8), Aff(8), Feat(000007ff)
InitKeyboard
FreeMemory: 7760117760
avworkInitialize
g_dwKbdNum: 3
\Device\KeyboardClass2 failed: 0xC0000034
FreeMemory: 7758094336
s_dwKbdClassCnt: 2
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
Loading raw access support
avfilesScanAdd *RAW:C:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *BOOTD:
avfilesScanAdd *RAW:D:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *BOOTVolume{b259c492-cd9a-11e0-8b0d-806e6f6e6963}
avfilesScanAdd *RAW:Volume{b259c492-cd9a-11e0-8b0d-806e6f6e6963}\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
GetErrorText
avfilesScanRealMulti finished
Runtime: 5819481ms
avworkClose
Unloading raw access support
Loading raw access support
Checking deleted files:
MarkFileRemoval
MarkFileRemoval end
TerminateKbThread
GetKey end (?/00)
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog
  • 0

#8
Sam Vervaeck

    Member

  • Topic Starter
  • 10 posts
Update

I was just testing if the virus was gone by doing some searches in Google. I experienced no problems, until I entered the same search query that I described in the first post and Avast! started flashing.

av-detect.png

This is the information page Avast! AV gave me (English version)

When clicking on the search result, the url got redirected to:
http://www.google.be.search.583134048.elegantdesign-dfw.net/url?sa=D&source=web&cd=101&ved=32a5c&url=http://www.conservatoriummechelen.be/index.php&ei=25Mseq7I6a6zqY2IzlI09521oQ==&usg=KzJZ2UdnGh-giXbNaGYgGT&sig2=FmrbvG17IAyomV2abEiRiw
instead of:
http://www.conservatoriummechelen.be/index.php?option=com_content&view=section&id=8&Itemid=53&lang=nl


Edit: some searching gave me this I meant this

Edited by Sam Vervaeck, 22 February 2012 - 03:32 PM.

  • 0
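The redirect reported in post #8 can be recognised from the URL alone: google.be appears only as leading labels of a host that belongs to a different domain, and the page the user wanted is carried in a url= parameter. The Python check below is an added example, not part of the original thread; the EXPECTED_SITES list and all function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption for this example: the sites the user meant to reach.
EXPECTED_SITES = ("google.be", "google.com", "conservatoriummechelen.be")

# Redirect URL quoted in post #8 of this thread.
CLICKED_FROM_POST = (
    "http://www.google.be.search.583134048.elegantdesign-dfw.net/url"
    "?sa=D&source=web&cd=101&ved=32a5c"
    "&url=http://www.conservatoriummechelen.be/index.php"
    "&ei=25Mseq7I6a6zqY2IzlI09521oQ==&usg=KzJZ2UdnGh-giXbNaGYgGT"
    "&sig2=FmrbvG17IAyomV2abEiRiw"
)


def host_of(url):
    """Lower-cased hostname of url, or '' when it has none."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ""


def is_expected(host):
    """True when host is an expected site or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SITES)


def embedded_expected_name(host):
    """Return the expected site whose labels occur inside host without
    being its suffix (e.g. google.be in www.google.be.x.example.net)."""
    labels = host.split(".")
    for site in EXPECTED_SITES:
        want = site.split(".")
        # Stop before the right-most window: a match there is a real suffix.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return site
    return None


def analyze_click(url):
    """Return a list of (code, detail) findings for a clicked URL."""
    # Copies taken from HTML or forum pages may still carry &amp; separators.
    url = url.replace("&amp;", "&")
    host = host_of(url)
    findings = []
    if not host or is_expected(host):
        return findings
    brand = embedded_expected_name(host)
    if brand:
        findings.append(
            ("lookalike-host", f"{brand} is only a prefix of {host}"))
    # An unexpected host that carries the wanted page in a parameter is
    # acting as a relay in front of the real destination.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        inner = host_of(value)
        if inner and inner != host:
            findings.append(
                ("wrapped-target", f"{name}= points at {inner}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyze_click(CLICKED_FROM_POST):
        print(code, "-", detail)
```

A genuine search-result link on www.google.be also wraps its destination in a parameter, which is why the check reports nothing once the outer host itself is on the expected list.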

#9
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
That's the file from the log folder. Need to look in the report folder. C:\ProgramData\Avast Software\Avast\report\aswboot.txt

We need to check for damages:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


Can you confirm that you installed LogMeIn?

How is it running now?
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Looks like Avast is doing its job. That site probably has been compromised.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates, OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.
  • 0

#11
Sam Vervaeck

    Member

  • Topic Starter
  • 10 posts
Hmm, I liked MSE because it was free, but OK, I'll give Avast! a try. At least it detects this kind of attack.

DDS.txt Logfile:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Sam at 22:33:37 on 2012-02-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.8086.5170 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Sam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\030313447333035354739303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\2626F68723D213563643 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\2626F68723D293038303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\469627B613 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\94771697C4563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FEA4FC0-2D32-498F-8308-3FA5AF02E877}\D49647862716E6469627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C303EEE4-A7FA-4C58-8D90-BFF878F38DA9} : DhcpNameServer = 195.130.131.11 195.130.130.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xqhe8rpc.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-8 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-22 44768]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-23 13336]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-22 652360]
R2 mvCmdemo;mvCmdemo;C:\Windows\system32\Drivers\mvCmdemo.SYS --> C:\Windows\system32\Drivers\mvCmdemo.SYS [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-13 2253120]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-10 3027840]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mvvideodemo;MaxiVista Virtual Video Demo;C:\Windows\system32\DRIVERS\mvvideodemo.sys --> C:\Windows\system32\DRIVERS\mvvideodemo.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-22 18:14:47 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-22 18:14:47 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-22 18:14:27 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-22 18:14:20 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-22 18:14:20 -------- d-----w- C:\Program Files\AVAST Software
2012-02-22 15:33:30 -------- d-----w- C:\Users\Sam\AppData\Roaming\Malwarebytes
2012-02-22 15:33:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-22 15:33:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-22 15:33:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-22 15:18:18 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-19 16:54:58 -------- d-----w- C:\Users\Sam\AppData\Local\ElevatedDiagnostics
2012-02-15 05:47:01 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 05:47:01 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 05:46:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 05:46:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 05:46:58 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 05:46:57 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 05:46:54 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 05:46:54 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 07:30:46 98816 ----a-w- C:\Windows\sed.exe
2012-02-14 07:30:46 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-14 07:30:46 256000 ----a-w- C:\Windows\PEV.exe
2012-02-14 07:30:46 208896 ----a-w- C:\Windows\MBR.exe
2012-02-14 07:02:46 -------- d-----w- C:\Users\Sam\AppData\Roaming\QuickScan
2012-02-12 20:21:58 -------- d-----w- C:\Users\Sam\AppData\Roaming\TeamViewer
2012-02-10 17:19:04 -------- d-----w- C:\Program Files (x86)\AutoHotkey
2012-02-10 10:38:03 35112 ----a-w- C:\Windows\System32\drivers\teamviewervpn.sys
2012-02-10 10:37:59 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-02-08 14:15:43 -------- d-----w- C:\Users\Sam\AppData\Roaming\Creative Boxes
2012-02-08 13:04:04 -------- d-----w- C:\Users\Sam\.netbeans-derby
2012-02-08 09:31:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-02-08 09:29:52 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll
2012-02-08 09:27:46 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-08 09:27:46 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-08 09:27:46 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-08 09:27:46 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-08 09:27:46 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-02-08 09:27:46 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-08 09:27:46 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-08 09:27:45 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-02-08 09:27:45 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-08 09:06:05 -------- d-----w- C:\Program Files (x86)\JMicron
2012-02-07 19:32:44 -------- d-----w- C:\Program Files\Oracle
2012-02-07 19:32:10 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-02-07 18:24:32 3 ----a-w- C:\Windows\System32\OutN64proc64.dll
2012-02-07 18:24:32 1 ----a-w- C:\Windows\System32\InN64proc64.dll
2012-02-07 18:21:08 15568 ----a-w- C:\Windows\System32\drivers\mvCmdemo.SYS
2012-02-07 18:20:22 39120 ----a-w- C:\Windows\System32\mvvideodemo.dll
2012-02-07 18:20:22 14544 ----a-w- C:\Windows\System32\drivers\mvvideodemo.sys
2012-02-07 18:20:21 -------- d-----w- C:\Program Files\MaxiVista Demo Server
2012-02-07 16:56:34 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-02-03 19:56:06 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-03 19:56:04 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-03 19:56:03 -------- d-----w- C:\Users\Sam\AppData\Roaming\PunkBuster
2012-01-31 23:37:26 -------- d-----w- C:\Program Files (x86)\Dell
2012-01-30 22:52:53 -------- d-----w- C:\Users\Sam\AppData\Roaming\VOS
2012-01-30 15:53:02 -------- d-----w- C:\.netbeans
2012-01-28 13:54:35 -------- d-----w- C:\MyGame
.
==================== Find3M ====================
.
2012-01-31 03:59:04 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-12 18:31:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-07 17:22:48 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-12-07 17:22:36 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-12-07 17:22:36 34688 ----a-w- C:\Windows\System32\LMIport.dll
.
============= FINISH: 22:34:24,07 ===============

Attach.txt Logfile:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 23/08/2011 17:20:58
System Uptime: 22/02/2012 19:48:03 (3 hours ago)
.
Motherboard: Dell Inc. | | 0XN71K
Processor: Intel® Core™ i7-2720QM CPU @ 2.20GHz | CPU | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 288,382 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 189,993 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
==== System Restore Points ===================
.
RP160: 22/02/2012 16:43:12 - OTL Restore Point - 22/02/2012 16:43:12
RP161: 22/02/2012 19:13:58 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader X (10.1.2) - Nederlands
Adobe Story
Assassin's Creed Brotherhood
Assassin's Creed II
AutoHotkey 1.1.05.06
avast! Free Antivirus
AVerMedia H339 Hybrid TV Tuner 2.2.64.64
BufferChm
C6300
CamStudio
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Dropbox
Empire: Total War
FL Studio 10
GPBaseService2
Halo CE Cracked Setup
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
IL Download Manager
ImgBurn
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
IronScheme 1.0-RC5
JDownloader 0.9
JMicron Flash Media Controller Driver
League of Legends
Malwarebytes Anti-Malware versie 1.60.1.1000
MediaMonkey 4.0
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 nl)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetBeans IDE 7.0.1
Nokia Connectivity Cable Driver
Nokia Suite
Notepad++
NVIDIA Performance
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Update
Pando Media Booster
PDF Settings CS5
Pidgin
Plants vs. Zombies
PS_AIO_04_C6300_Software_Min
PunkBuster Services
PxMergeModule
Racket v5.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Rome - Total War
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skype™ 5.5
SolutionCenter
SPORE™
StarCraft II
Status
Steam
Supreme Commander
System Requirements Lab
Team Fortress 2
TeamViewer 7
The Battle for Middle-earth ™ II
The Lord of the Rings, The Rise of the Witch-king
Toolbox
Total War: SHOGUN 2
TrayApp
Ubisoft Game Launcher
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
WebReg
.
==== End Of File ===========================

As for LogMeIn: it isn't visibly running, but still I noticed in one of the first reports that some kernel files (if I'm correct) were still loaded into the system. I just wanted to say that because I know it is a tunneling program and it might be a potential risk when such a program is still running in the background of my PC.

I've done some searching and this is the entry in the OTL log I was referring to:

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

Hamachi has been uninstalled for almost two weeks now.

Oh, and I know MSE removed a virus, as I said in my first post, but the thing that is troubling me is how it got in in the first place. And by that I mean how it is possible that, even with an antivirus, something was able to change my Google search results and redirect me to a real virus (which I think has been removed).

Thanks again for the help by the way, I really appreciate the time and energy you spend helping people like me.


Edited by Sam Vervaeck, 22 February 2012 - 03:59 PM.

  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
We can delete all of the LogMeIn stuff with OTL:

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Sam\AppData\Local\Spoon\3.32.1.5\npMozillaSpoonPlugin.dll File not found

:files
sc config hamachi start= disabled /c
C:\Windows\SysNative\drivers\hamachi.sys
sc delete hamachi /c
sc config LMIRfsClientNP start= disabled /c
C:\Windows\SysNative\LMIRfsClientNP.dll 
sc delete LMIRfsClientNP /c
sc config LMIRfsDriver start= disabled /c
C:\Windows\SysNative\drivers\LMIRfsDriver.sys 
sc delete LMIRfsDriver /c
sc config radpms start= disabled /c
C:\Windows\SysNative\drivers\radpms.sys 
sc delete radpms /c
sc config lmimirr start= disabled /c
C:\Windows\SysNative\drivers\lmimirr.sys 
sc delete lmimirr /c
C:\Program Files (x86)\LogMeIn 
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Are you still having problems with Office?

Ron
  • 0
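Added example (not part of the thread, and not OTL or DDS code): a small Python parser for the OTL `DRV` lines and DDS service lines posted above, listing entries that still name an uninstalled product and whether each one is loaded. The reading of the DDS prefix (R/S = running/stopped, digit = start type) and the keyword list are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Entries copied from the OTL and DDS logs posted in this thread.
OTL_LINES = r"""
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
"""
DDS_LINES = r"""
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-22 652360]
R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
"""

# Assumption: the DDS digit is the Windows service start type (0-4).
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto",
               "3": "On_Demand", "4": "Disabled"}

@dataclass(frozen=True)
class DriverEntry:
    source: str    # "OTL" or "DDS"
    service: str   # service/driver key name
    label: str     # company (OTL) or display name (DDS)
    start: str     # start type
    loaded: bool   # True if the log shows it running
    path: str      # image path on disk

# DRV[:64bit:] - [date | size | attrs | M] (company) [type | start | state] -- path -- (service)
OTL_RE = re.compile(
    r"^DRV(?::64bit:)?\s+-\s+"
    r"\[[^\]]*\]\s+"
    r"\((?P<label>.*?)\)\s+"
    r"\[(?P<kind>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\]"
    r"\s+--\s+(?P<path>.+?)\s+--\s+\((?P<service>[^)]+)\)\s*$"
)
# <R|S><start digit> service;display name;path [--> resolved path] [info]
DDS_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<service>[^;]+);(?P<label>[^;]*);(?P<rest>.+)$"
)

def _dds_path(rest):
    """Return the resolved image path from the tail of a DDS service line."""
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)  # drop trailing [?] or [date size]
    path = rest.split(" --> ")[-1].strip()
    prefix = "\\??\\"                               # NT object-path prefix
    return path[len(prefix):] if path.startswith(prefix) else path

def parse_log(text):
    """Parse OTL DRV lines and DDS service lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = OTL_RE.match(line)
        if m:
            entries.append(DriverEntry("OTL", m["service"], m["label"],
                                       m["start"], m["state"] != "Stopped",
                                       m["path"]))
            continue
        m = DDS_RE.match(line)
        if m:
            entries.append(DriverEntry("DDS", m["service"], m["label"],
                                       START_TYPES[m["start"]],
                                       m["state"] == "R",
                                       _dds_path(m["rest"])))
    return entries

def leftovers(entries, keywords):
    """Entries whose service name, label or path mentions any keyword."""
    kws = [k.lower() for k in keywords]
    return [e for e in entries
            if any(k in f"{e.service} {e.label} {e.path}".lower() for k in kws)]

def report(entries):
    """One readable line per entry."""
    return [f"{e.service:<14} [{e.source}] start={e.start:<9} "
            f"loaded={'yes' if e.loaded else 'no':<3} {e.path}"
            for e in entries]

if __name__ == "__main__":
    found = leftovers(parse_log(OTL_LINES + DDS_LINES), ["logmein", "hamachi"])
    print("\n".join(report(found)))
    # Name matching does not catch radpms, which the fix in this thread also
    # removes; it carries no vendor string in its DDS line, so a keyword pass
    # is a first filter and not a complete inventory.
```

On these lines the parser reports `hamachi` as registered but not loaded and `LMIRfsDriver` as an auto-start driver that is running.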

#13
Sam Vervaeck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Wow thanks, worked like a charm!

Microsoft Office is working now. The previous time I ran it in safe mode so maybe that triggered the error.

Right now I'm testing Google. So far so good: I've clicked quite some search results and not a single redirection.

It seems that the virus is gone, but I'm really anxious to know how I got infected in the first place. I mean: I only got the second virus (Win32/Fareit) because of some other virus that redirected my Google search results. I really don't understand how that first one got into my machine. And now that it is gone, how was it removed? Do you think LogMeIn had something to do with it?

That left aside: thank you so much! Now I can finally relax and stop worrying about some virus that's possibly harming my computer.

Edited by Sam Vervaeck, 23 February 2012 - 02:23 PM.

  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
In my opinion, using MSE is better than nothing but not much better. The other thing you need to do is clean up your old Java versions and Adobe programs and make sure you have the latest. Older versions can be exploited. Of course you have to have the latest updates from Microsoft.

A few other things you can do to make browsing safer:

Use Firefox and get the AdBlock Plus add-on. Also try the NoScript add-on. (NoScript is a pain to use because you have to tell it when a site is allowed to run scripts but it will make your browsing a lot safer if you can stand it.)
  • 0

#15
Sam Vervaeck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the tips, I'll make sure they are followed!
  • 0





