Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Check help needed please [Solved]


  • This topic is locked This topic is locked

#1
samboo1

samboo1

    Member

  • Member
  • PipPipPip
  • 135 posts
I got this virus a couple of days ago. Followed an online guide that used malware bytes and then tdss killer. It hasn't been popping up so it may have gone, but is there a log I can post for someone to check?

Also, despite the virus possibly being gone, all my files are still invisible and everything is just missing. How can I get them to appear again?

26/2/12 EDIT: So I managed to figure out how to get my files back, and I thought the virus had gone but I've bee getting AVG pop ups all day, so I ran a MBAM scan and it found a trojan (fakealert) AGAIN. I've got the log here:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sam :: SAM-PC [administrator]

26/02/2012 18:22:40
mbam-log-2012-02-26 (18-22-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214972
Time elapsed: 27 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Sam\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Sam\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Sam\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Sam\AppData\Roaming\Giru\gibii.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
C:\Users\Sam\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\RavenBleuSAHook.dll (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

(end)

How can I stop these trojans?! :(

Edited by samboo1, 26 February 2012 - 01:32 PM.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello samboo1 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in separate post
  • 0

#3
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Thank you for the reply! :) Here are the OTL logs, I'm just doing the others now, which I shall put in a separate post.

OTL logfile created on: 27/02/2012 12:49:49 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Sam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.53% Memory free
4.10 Gb Paging File | 2.60 Gb Available in Paging File | 63.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 26.38 Gb Free Space | 23.65% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 59.29 Gb Free Space | 53.15% Space Free | Partition Type: NTFS
Drive F: | 421.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/27 12:48:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Downloads\OTL.scr
PRC - [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Sam\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/25 10:16:28 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/16 17:12:46 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/16 17:12:43 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/17 13:59:10 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/07/26 08:36:40 | 000,072,280 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntlgn.exe
PRC - [2011/07/26 08:36:40 | 000,068,184 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/14 16:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/09/09 12:57:47 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/09 12:57:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/09 12:57:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/15 23:04:41 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sam\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/28 23:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/08/01 16:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/25 03:48:10 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/05/21 02:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2006/05/24 06:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/26 19:19:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/26 19:19:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/26 17:56:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/26 17:56:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/26 17:52:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/16 14:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/16 17:12:43 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/13 15:51:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 16:00:47 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2009/01/29 06:03:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009/01/29 06:03:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/01/29 06:03:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/04/04 11:00:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/12 09:11:51 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/16 17:12:46 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/18 14:24:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/09 12:57:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 06:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2012/01/25 10:16:44 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/01/25 10:16:44 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/01/25 10:16:44 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 17:22:31 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/07/26 08:36:42 | 000,041,336 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/06/03 11:33:57 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2010/06/03 11:33:34 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2010/05/12 10:14:58 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/12 10:14:56 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/12 10:14:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/12 10:14:54 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/04/27 02:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/27 02:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/27 02:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/09 12:58:17 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/09 12:58:12 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/09 12:58:11 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/10 03:38:36 | 000,190,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/11/04 21:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/30 13:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/12/26 06:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/09/10 07:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/09/27 03:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 06:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2003/10/15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=extensa_5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=extensa_5630

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=extensa_5630
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\Windows\system32 [2012/02/26 17:46:35 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 17:12:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 17:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 19:47:17 | 000,000,000 | ---D | M]

[2010/02/23 22:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2012/02/03 11:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xjuem79g.default\extensions
[2012/02/25 17:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xjuem79g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 19:13:53 | 000,002,257 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\xjuem79g.default\searchplugins\askcom.xml
[2012/02/25 17:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 20:53:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJUEM79G.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJUEM79G.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 14:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/16 17:12:42 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 10:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 10:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA7D3BF-D8FF-4C67-80D2-1E52F99EC23D}: DhcpNameServer = 143.167.252.110 143.167.2.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3D1C079-226A-47AF-9FA7-965225CE9DBB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/02/20 18:21:58 | 000,045,056 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/04/05 17:32:30 | 000,000,157 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\Shell - "" = AutoRun
O33 - MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\Shell - "" = AutoRun
O33 - MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/02/20 18:21:58 | 000,045,056 | R--- | M] ()
O33 - MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\Shell - "" = AutoRun
O33 - MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/02/20 18:21:58 | 000,045,056 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 18:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/02/26 18:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/26 18:21:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/20 15:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/02/20 11:04:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2012/02/20 11:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 10:44:57 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\dvdcss
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/27 11:40:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1362338183-85738131-1295717343-1003UA.job
[2012/02/27 11:15:33 | 090,676,698 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/27 11:11:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/27 11:11:15 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 11:11:15 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 11:10:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 23:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1362338183-85738131-1295717343-1003Core.job
[2012/02/26 18:21:26 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 17:49:01 | 000,401,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 16:20:27 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/26 16:20:27 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/26 16:07:01 | 000,027,136 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/25 18:03:50 | 000,000,020 | ---- | M] () -- C:\Users\Sam\Desktop\New WinRAR archive.rar
[2012/02/25 18:00:04 | 000,000,874 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/25 18:00:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/20 10:30:01 | 000,000,312 | ---- | M] () -- C:\ProgramData\SC4
[2012/02/20 10:30:01 | 000,000,192 | ---- | M] () -- C:\ProgramData\SC3
[2012/02/20 00:17:48 | 000,000,344 | ---- | M] () -- C:\ProgramData\SC2
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 18:21:26 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/25 18:03:50 | 000,000,020 | ---- | C] () -- C:\Users\Sam\Desktop\New WinRAR archive.rar
[2012/02/25 18:00:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/20 00:17:53 | 000,000,312 | ---- | C] () -- C:\ProgramData\SC4
[2012/02/20 00:17:53 | 000,000,192 | ---- | C] () -- C:\ProgramData\SC3
[2012/02/20 00:03:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\SC2
[2011/11/01 12:15:36 | 000,254,352 | ---- | C] () -- C:\Windows\System32\npnipp.dll
[2011/11/01 12:15:36 | 000,080,472 | ---- | C] () -- C:\Windows\System32\nipplpte.exe
[2011/11/01 12:15:36 | 000,070,032 | ---- | C] () -- C:\Windows\System32\icapture.exe
[2011/11/01 12:15:36 | 000,041,336 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2011/10/09 17:29:04 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2011/05/09 23:06:58 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011/05/09 23:06:56 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010/11/30 19:25:50 | 000,148,195 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2010/11/07 21:40:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/11/07 21:40:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/10/22 11:14:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/10/22 11:13:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/24 17:53:13 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 21:15:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C4B91B0712.sys
[2010/09/13 20:44:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/03 11:33:57 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2010/06/03 11:33:34 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2010/04/05 11:10:25 | 000,000,680 | ---- | C] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2010/01/21 21:57:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\acccore
[2010/01/21 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BitZipper
[2012/02/25 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CopyTrans
[2011/06/11 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Pro
[2009/08/18 13:59:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\eSobi
[2011/07/09 22:55:18 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Fipae
[2012/02/26 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Giru
[2011/02/02 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express
[2009/09/17 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\InterVideo
[2011/07/04 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Leadertech
[2011/06/11 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Lionhead Studios
[2010/03/11 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache
[2010/11/07 21:39:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung
[2010/10/28 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SecondLife
[2012/02/26 22:54:55 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2011/02/11 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2010/05/22 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ulead Systems
[2010/03/05 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Utherverse
[2012/02/25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2011/04/09 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\WindSolutions
[2012/02/26 23:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1362338183-85738131-1295717343-1003Core.job
[2012/02/27 11:40:00 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1362338183-85738131-1295717343-1003UA.job
[2012/02/26 23:41:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/20 18:22:29 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/20 18:22:29 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/20 18:22:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/20 18:22:29 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/20 18:22:29 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E60C72DB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 27/02/2012 12:49:49 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Sam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.53% Memory free
4.10 Gb Paging File | 2.60 Gb Available in Paging File | 63.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 26.38 Gb Free Space | 23.65% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 59.29 Gb Free Space | 53.15% Space Free | Partition Type: NTFS
Drive F: | 421.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052B13E1-5E8A-4F61-9020-4A84B49C9D0A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{18821927-D4EF-4CC7-983B-9311A028A7B8}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{3E0F2389-3676-41C4-9840-2C563FA344F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73088585-950B-475B-80C4-39501406560B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD1468A3-AFAB-42C1-B5CC-ECC9B94BBEB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C5CA2C05-3D1C-4E38-B1F1-0BF8C18E3DBB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057809D1-E0D5-4143-8B02-2A2A2676F570}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C887FCF-7678-40AE-B56A-BA1E742126F1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0CDDBB73-51E9-4223-859D-770CC65037BE}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{1263E607-B8E8-4998-A195-BF377C098F58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{12AA8AF5-8136-4563-AD4B-5CE3D5321EAC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1ACCDD14-133F-4999-AEF0-684E6B6D5BAA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{265FC1E1-0B55-4EC4-A25E-83EE045463A5}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{2E770648-1DBF-4887-896C-C807FA9D2DC3}" = dir=in | app=c:\users\sam\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{36997B46-00DF-4BED-B39B-9D20928ED5ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{3905DCCC-0AAA-4A0F-937F-E94C2A7E0A3A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{3EAC020A-86DA-4C0B-9051-45923A8794CD}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{4538ED74-5F24-4D2B-BFD9-0EBDC0B4555B}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{4D6A3EC1-40C1-49A9-8E14-F84B820B30D8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{50825BDF-EAA6-467C-AA0F-C14123FBE1D1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{50A772D2-30E1-45B8-B200-FF6C1E75C669}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7D35DB8B-8F2C-496A-98C0-EF6C2943EF79}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{83A476ED-784D-4FC5-AE08-BC49B394BA1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{870E6742-B0A5-445F-9D4F-4413A24BE158}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{895851DF-14E5-436D-BD79-596A84F6CE03}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8C390979-BA6A-44AF-8DF3-44E0B3F86CBE}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8F508A5C-868F-4F48-9754-593D4D173BB7}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{A1B8D6FD-1ABE-490C-BAE7-2A6C6C141B2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8758B12-96D8-4E9A-846D-150241E24CBB}" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\akamai\netsession_win.exe |
"{BEF20725-7EB3-44DA-B96C-7C6E277714FF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C0F2DD7B-0999-4CC6-B862-1E15C28622D7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{C40D427B-9284-4A0C-9FBC-B2DB842CB11A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C472ED85-98AE-49EA-970B-84CBA8F0B2C8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CE1EE7DC-E263-4753-8388-D27D9E801359}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DDB05029-B9EB-40A7-9F90-8F517460EB32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F692206B-A9F0-41F4-8DDF-D0884AE36F78}" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\akamai\netsession_win.exe |
"{F9654CF3-136F-476E-9C76-51235DCEEB80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{32DB85F2-0663-43B4-A96E-0D2CECF9BECB}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{B3D0C31A-903A-40F0-8109-037510DB29A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E61888C-3D42-4691-AD25-E9AF648EAB63}" = Trivial Pursuit Unhinged
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AVG8Uninstall" = AVG Free 8.5
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BTHomeHub" = BTHomeHub
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D-Link VGA Webcam" = D-Link VGA Webcam
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"EphPod" = EphPod
"Family Feud 2_is1" = Family Feud 2
"ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
"GoToAssist" = GoToAssist Corporate
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Nerf Arena Blast" = Nerf Arena Blast
"Novell iPrint Client" = Novell iPrint Client v05.68.00
"PCFriendly" = PCFriendly
"Picasa 3" = Picasa 3
"Plants vs. Zombies" = Plants vs. Zombies
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"RollerCoaster Tycoon Setup" = Roll
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/02/2012 14:46:46 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/02/2012 14:46:46 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15834

Error - 25/02/2012 14:46:46 | Computer Name = Sam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15834

Error - 26/02/2012 12:04:44 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/02/2012 13:50:28 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/02/2012 14:22:20 | Computer Name = Sam-PC | Source = Perflib | ID = 1010
Description =

Error - 26/02/2012 14:22:31 | Computer Name = Sam-PC | Source = Perflib | ID = 1005
Description =

Error - 26/02/2012 14:22:31 | Computer Name = Sam-PC | Source = Perflib | ID = 1017
Description =

Error - 26/02/2012 15:05:34 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/02/2012 07:12:21 | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 25/02/2012 13:36:43 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/02/2012 14:12:06 | Computer Name = Sam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 25/02/2012 14:12:25 | Computer Name = Sam-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.121.61.0 Loading engine version: 1.1.8001.0

Error - 26/02/2012 12:04:49 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/02/2012 12:06:43 | Computer Name = Sam-PC | Source = DCOM | ID = 10005
Description =

Error - 26/02/2012 12:06:43 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 26/02/2012 12:06:43 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/02/2012 13:50:28 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/02/2012 15:05:34 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/02/2012 07:12:22 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#4
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 13:56:31
-----------------------------
13:56:31.613 OS Version: Windows 6.0.6002 Service Pack 2
13:56:31.613 Number of processors: 2 586 0x170A
13:56:31.613 ComputerName: SAM-PC UserName: Sam
13:56:33.627 Initialize success
13:56:37.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:56:37.363 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
13:56:37.472 Disk 0 MBR read successfully
13:56:37.472 Disk 0 MBR scan
13:56:37.472 Disk 0 unknown MBR code
13:56:37.503 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
13:56:37.519 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114243 MB offset 20482048
13:56:37.550 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114230 MB offset 254451712
13:56:37.581 Disk 0 scanning sectors +488394752
13:56:37.659 Disk 0 scanning C:\Windows\system32\drivers
13:56:46.957 Service scanning
13:57:14.724 Modules scanning
13:57:41.213 Disk 0 trace - called modules:
13:57:41.229 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
13:57:41.229 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d97ac8]
13:57:41.244 3 CLASSPNP.SYS[8a5b58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8680ab98]
13:57:41.244 Scan finished successfully
13:58:50.035 Disk 0 MBR has been saved successfully to "C:\Users\Sam\Desktop\MBR.dat"
13:58:50.051 The log file has been saved successfully to "C:\Users\Sam\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   463bytes   85 downloads

  • 0

#5
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
14:01:30.0042 4688 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
14:01:30.0167 4688 ============================================================
14:01:30.0167 4688 Current date / time: 2012/02/27 14:01:30.0167
14:01:30.0167 4688 SystemInfo:
14:01:30.0167 4688
14:01:30.0167 4688 OS Version: 6.0.6002 ServicePack: 2.0
14:01:30.0167 4688 Product type: Workstation
14:01:30.0167 4688 ComputerName: SAM-PC
14:01:30.0167 4688 UserName: Sam
14:01:30.0167 4688 Windows directory: C:\Windows
14:01:30.0167 4688 System windows directory: C:\Windows
14:01:30.0167 4688 Processor architecture: Intel x86
14:01:30.0167 4688 Number of processors: 2
14:01:30.0167 4688 Page size: 0x1000
14:01:30.0167 4688 Boot type: Normal boot
14:01:30.0167 4688 ============================================================
14:01:32.0694 4688 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:01:32.0709 4688 \Device\Harddisk0\DR0:
14:01:32.0709 4688 MBR used
14:01:32.0709 4688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
14:01:32.0709 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
14:01:32.0787 4688 Initialize success
14:01:32.0787 4688 ============================================================
14:01:57.0596 4236 ============================================================
14:01:57.0596 4236 Scan started
14:01:57.0596 4236 Mode: Manual; SigCheck; TDLFS;
14:01:57.0596 4236 ============================================================
14:01:58.0423 4236 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:01:58.0517 4236 ACPI - ok
14:01:58.0579 4236 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:01:58.0610 4236 adp94xx - ok
14:01:58.0642 4236 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:01:58.0657 4236 adpahci - ok
14:01:58.0688 4236 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:01:58.0704 4236 adpu160m - ok
14:01:58.0735 4236 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:01:58.0751 4236 adpu320 - ok
14:01:58.0876 4236 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:01:58.0907 4236 AFD - ok
14:01:59.0016 4236 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:01:59.0032 4236 agp440 - ok
14:01:59.0094 4236 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:01:59.0110 4236 aic78xx - ok
14:01:59.0172 4236 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:01:59.0188 4236 aliide - ok
14:01:59.0250 4236 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:01:59.0266 4236 amdagp - ok
14:01:59.0297 4236 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:01:59.0312 4236 amdide - ok
14:01:59.0375 4236 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:01:59.0422 4236 AmdK7 - ok
14:01:59.0500 4236 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:01:59.0562 4236 AmdK8 - ok
14:01:59.0624 4236 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
14:01:59.0656 4236 androidusb - ok
14:01:59.0812 4236 ApfiltrService (e8885f571251a058dca0f058341b04c1) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:01:59.0827 4236 ApfiltrService - ok
14:01:59.0936 4236 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:01:59.0952 4236 arc - ok
14:02:00.0061 4236 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:02:00.0077 4236 arcsas - ok
14:02:00.0139 4236 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:02:00.0186 4236 AsyncMac - ok
14:02:00.0248 4236 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:02:00.0264 4236 atapi - ok
14:02:00.0311 4236 athr (99d78248bfd454bfa9b5bec37350fade) C:\Windows\system32\DRIVERS\athr.sys
14:02:00.0420 4236 athr - ok
14:02:00.0638 4236 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
14:02:00.0670 4236 AvgLdx86 - ok
14:02:00.0732 4236 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
14:02:00.0748 4236 AvgMfx86 - ok
14:02:00.0794 4236 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
14:02:00.0794 4236 AvgTdiX - ok
14:02:00.0888 4236 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:02:00.0935 4236 b57nd60x - ok
14:02:01.0060 4236 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:02:01.0122 4236 Beep - ok
14:02:01.0262 4236 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:02:01.0294 4236 blbdrive - ok
14:02:01.0434 4236 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:02:01.0496 4236 bowser - ok
14:02:01.0590 4236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:02:01.0637 4236 BrFiltLo - ok
14:02:01.0699 4236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:02:01.0746 4236 BrFiltUp - ok
14:02:01.0824 4236 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:02:01.0886 4236 Brserid - ok
14:02:01.0980 4236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:02:02.0058 4236 BrSerWdm - ok
14:02:02.0152 4236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:02:02.0214 4236 BrUsbMdm - ok
14:02:02.0292 4236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:02:02.0370 4236 BrUsbSer - ok
14:02:02.0448 4236 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:02:02.0526 4236 BTHMODEM - ok
14:02:02.0651 4236 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:02:02.0729 4236 cdfs - ok
14:02:02.0900 4236 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:02:02.0947 4236 cdrom - ok
14:02:03.0041 4236 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:02:03.0088 4236 circlass - ok
14:02:03.0197 4236 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:02:03.0212 4236 CLFS - ok
14:02:03.0384 4236 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:02:03.0446 4236 CmBatt - ok
14:02:03.0478 4236 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:02:03.0493 4236 cmdide - ok
14:02:03.0618 4236 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:02:03.0618 4236 Compbatt - ok
14:02:03.0634 4236 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:02:03.0649 4236 crcdisk - ok
14:02:03.0680 4236 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:02:03.0727 4236 Crusoe - ok
14:02:03.0914 4236 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:02:03.0930 4236 DfsC - ok
14:02:04.0055 4236 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:02:04.0070 4236 disk - ok
14:02:04.0180 4236 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
14:02:04.0180 4236 DKbFltr - ok
14:02:04.0258 4236 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:02:04.0304 4236 Dot4 - ok
14:02:04.0429 4236 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:02:04.0476 4236 Dot4Print - ok
14:02:04.0554 4236 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:02:04.0601 4236 dot4usb - ok
14:02:04.0726 4236 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:02:04.0757 4236 drmkaud - ok
14:02:04.0850 4236 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:02:04.0866 4236 DXGKrnl - ok
14:02:04.0928 4236 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:02:04.0960 4236 E1G60 - ok
14:02:05.0100 4236 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:02:05.0116 4236 Ecache - ok
14:02:05.0194 4236 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:02:05.0209 4236 elxstor - ok
14:02:05.0318 4236 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:02:05.0350 4236 ErrDev - ok
14:02:05.0459 4236 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:02:05.0506 4236 exfat - ok
14:02:05.0677 4236 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:02:05.0724 4236 fastfat - ok
14:02:05.0818 4236 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:02:05.0864 4236 fdc - ok
14:02:05.0911 4236 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:02:05.0927 4236 FileInfo - ok
14:02:05.0942 4236 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:02:05.0989 4236 Filetrace - ok
14:02:06.0020 4236 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:02:06.0067 4236 flpydisk - ok
14:02:06.0208 4236 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:02:06.0223 4236 FltMgr - ok
14:02:06.0317 4236 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
14:02:06.0364 4236 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
14:02:06.0364 4236 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
14:02:06.0488 4236 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:02:06.0551 4236 Fs_Rec - ok
14:02:06.0613 4236 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:02:06.0629 4236 gagp30kx - ok
14:02:06.0691 4236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:02:06.0707 4236 GEARAspiWDM - ok
14:02:06.0878 4236 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:02:06.0988 4236 HdAudAddService - ok
14:02:07.0097 4236 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:02:07.0190 4236 HDAudBus - ok
14:02:07.0253 4236 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:02:07.0300 4236 HidBth - ok
14:02:07.0393 4236 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:02:07.0471 4236 HidIr - ok
14:02:07.0565 4236 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:02:07.0580 4236 HidUsb - ok
14:02:07.0705 4236 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:02:07.0721 4236 HpCISSs - ok
14:02:07.0892 4236 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:02:07.0955 4236 HSFHWAZL - ok
14:02:08.0017 4236 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:02:08.0111 4236 HSF_DPV - ok
14:02:08.0189 4236 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:02:08.0251 4236 HTTP - ok
14:02:08.0282 4236 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:02:08.0298 4236 i2omp - ok
14:02:08.0360 4236 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:02:08.0407 4236 i8042prt - ok
14:02:08.0532 4236 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:02:08.0563 4236 iaStorV - ok
14:02:08.0828 4236 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:02:09.0437 4236 igfx - ok
14:02:09.0640 4236 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:02:09.0655 4236 iirsp - ok
14:02:09.0920 4236 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
14:02:09.0936 4236 int15 - ok
14:02:10.0123 4236 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
14:02:10.0248 4236 IntcAzAudAddService - ok
14:02:10.0404 4236 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
14:02:10.0451 4236 IntcHdmiAddService - ok
14:02:10.0544 4236 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:02:10.0560 4236 intelide - ok
14:02:10.0591 4236 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:02:10.0622 4236 intelppm - ok
14:02:10.0716 4236 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:02:10.0747 4236 IpFilterDriver - ok
14:02:10.0825 4236 IpInIp - ok
14:02:10.0872 4236 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:02:10.0919 4236 IPMIDRV - ok
14:02:10.0934 4236 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:02:10.0981 4236 IPNAT - ok
14:02:11.0044 4236 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
14:02:11.0090 4236 irda - ok
14:02:11.0168 4236 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:02:11.0215 4236 IRENUM - ok
14:02:11.0278 4236 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:02:11.0293 4236 isapnp - ok
14:02:11.0402 4236 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:02:11.0418 4236 iScsiPrt - ok
14:02:11.0465 4236 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:02:11.0480 4236 iteatapi - ok
14:02:11.0574 4236 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:02:11.0590 4236 iteraid - ok
14:02:11.0699 4236 ithsgt (b7a5fadf67136fda7e8f25303565b674) C:\Windows\system32\DRIVERS\ithsgt.sys
14:02:11.0730 4236 ithsgt ( UnsignedFile.Multi.Generic ) - warning
14:02:11.0730 4236 ithsgt - detected UnsignedFile.Multi.Generic (1)
14:02:11.0792 4236 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:02:11.0808 4236 kbdclass - ok
14:02:11.0855 4236 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:02:11.0902 4236 kbdhid - ok
14:02:11.0980 4236 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:02:12.0011 4236 KSecDD - ok
14:02:12.0167 4236 lilsgt (16767ea492b5d140e1de3679a65eae74) C:\Windows\system32\DRIVERS\lilsgt.sys
14:02:12.0198 4236 lilsgt ( UnsignedFile.Multi.Generic ) - warning
14:02:12.0198 4236 lilsgt - detected UnsignedFile.Multi.Generic (1)
14:02:12.0260 4236 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:02:12.0292 4236 lltdio - ok
14:02:12.0401 4236 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:02:12.0416 4236 LSI_FC - ok
14:02:12.0463 4236 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:02:12.0479 4236 LSI_SAS - ok
14:02:12.0510 4236 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:02:12.0526 4236 LSI_SCSI - ok
14:02:12.0604 4236 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:02:12.0650 4236 luafv - ok
14:02:12.0713 4236 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
14:02:12.0728 4236 mcdbus ( UnsignedFile.Multi.Generic ) - warning
14:02:12.0728 4236 mcdbus - detected UnsignedFile.Multi.Generic (1)
14:02:12.0806 4236 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:02:12.0822 4236 megasas - ok
14:02:12.0884 4236 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:02:12.0916 4236 MegaSR - ok
14:02:12.0947 4236 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:02:12.0978 4236 Modem - ok
14:02:13.0056 4236 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:02:13.0103 4236 monitor - ok
14:02:13.0134 4236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:02:13.0134 4236 mouclass - ok
14:02:13.0165 4236 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:02:13.0212 4236 mouhid - ok
14:02:13.0259 4236 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:02:13.0274 4236 MountMgr - ok
14:02:13.0337 4236 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:02:13.0352 4236 mpio - ok
14:02:13.0477 4236 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:02:13.0524 4236 mpsdrv - ok
14:02:13.0727 4236 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:02:13.0742 4236 Mraid35x - ok
14:02:13.0805 4236 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:02:13.0836 4236 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
14:02:13.0836 4236 MREMP50 - detected UnsignedFile.Multi.Generic (1)
14:02:13.0836 4236 MREMP50a64 - ok
14:02:13.0836 4236 MREMPR5 - ok
14:02:13.0852 4236 MRENDIS5 - ok
14:02:13.0867 4236 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:02:13.0898 4236 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
14:02:13.0898 4236 MRESP50 - detected UnsignedFile.Multi.Generic (1)
14:02:13.0898 4236 MRESP50a64 - ok
14:02:14.0023 4236 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:02:14.0054 4236 MRxDAV - ok
14:02:14.0086 4236 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:02:14.0132 4236 mrxsmb - ok
14:02:14.0179 4236 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:02:14.0304 4236 mrxsmb10 - ok
14:02:14.0382 4236 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:02:14.0398 4236 mrxsmb20 - ok
14:02:14.0460 4236 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
14:02:14.0538 4236 msahci - ok
14:02:14.0569 4236 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:02:14.0585 4236 msdsm - ok
14:02:14.0616 4236 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:02:14.0944 4236 Msfs - ok
14:02:15.0084 4236 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:02:15.0084 4236 msisadrv - ok
14:02:15.0380 4236 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:02:15.0412 4236 MSKSSRV - ok
14:02:15.0505 4236 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:02:15.0536 4236 MSPCLOCK - ok
14:02:15.0568 4236 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:02:15.0599 4236 MSPQM - ok
14:02:15.0661 4236 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:02:15.0677 4236 MsRPC - ok
14:02:15.0708 4236 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:02:15.0724 4236 mssmbios - ok
14:02:15.0802 4236 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:02:15.0848 4236 MSTEE - ok
14:02:15.0911 4236 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:02:15.0926 4236 Mup - ok
14:02:16.0036 4236 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:02:16.0098 4236 NativeWifiP - ok
14:02:16.0207 4236 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:02:16.0254 4236 NDIS - ok
14:02:16.0316 4236 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:02:16.0363 4236 NdisTapi - ok
14:02:16.0394 4236 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:02:16.0441 4236 Ndisuio - ok
14:02:16.0504 4236 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:02:16.0535 4236 NdisWan - ok
14:02:16.0566 4236 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:02:16.0613 4236 NDProxy - ok
14:02:16.0722 4236 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:02:16.0769 4236 NetBIOS - ok
14:02:16.0831 4236 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:02:16.0862 4236 netbt - ok
14:02:16.0987 4236 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:02:17.0003 4236 nfrd960 - ok
14:02:17.0159 4236 nipplpt2 (a1c70146fdee31469f261f3a34b46726) C:\Windows\system32\drivers\nipplpt.sys
14:02:17.0174 4236 nipplpt2 - ok
14:02:17.0252 4236 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:02:17.0299 4236 Npfs - ok
14:02:17.0393 4236 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
14:02:17.0424 4236 NSCIRDA - ok
14:02:17.0471 4236 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:02:17.0518 4236 nsiproxy - ok
14:02:17.0642 4236 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:02:17.0736 4236 Ntfs - ok
14:02:17.0845 4236 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:02:17.0861 4236 NTIDrvr - ok
14:02:17.0923 4236 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:02:17.0986 4236 ntrigdigi - ok
14:02:18.0064 4236 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:02:18.0110 4236 Null - ok
14:02:18.0188 4236 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:02:18.0204 4236 nvraid - ok
14:02:18.0235 4236 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:02:18.0251 4236 nvstor - ok
14:02:18.0313 4236 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:02:18.0329 4236 nv_agp - ok
14:02:18.0329 4236 NwlnkFlt - ok
14:02:18.0344 4236 NwlnkFwd - ok
14:02:18.0469 4236 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:02:18.0516 4236 ohci1394 - ok
14:02:18.0688 4236 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\Windows\system32\Drivers\ov519vid.sys
14:02:18.0719 4236 ovt519 ( UnsignedFile.Multi.Generic ) - warning
14:02:18.0719 4236 ovt519 - detected UnsignedFile.Multi.Generic (1)
14:02:18.0844 4236 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS
14:02:18.0890 4236 PAC7302 - ok
14:02:18.0937 4236 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:02:19.0031 4236 Parport - ok
14:02:19.0124 4236 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:02:19.0140 4236 partmgr - ok
14:02:19.0171 4236 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:02:19.0234 4236 Parvdm - ok
14:02:19.0312 4236 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:02:19.0327 4236 pci - ok
14:02:19.0374 4236 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:02:19.0390 4236 pciide - ok
14:02:19.0499 4236 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
14:02:19.0514 4236 pcmcia - ok
14:02:19.0624 4236 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:02:19.0780 4236 PEAUTH - ok
14:02:19.0951 4236 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:02:19.0998 4236 PptpMiniport - ok
14:02:20.0076 4236 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:02:20.0123 4236 Processor - ok
14:02:20.0232 4236 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:02:20.0263 4236 PSched - ok
14:02:20.0404 4236 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:02:20.0482 4236 ql2300 - ok
14:02:20.0544 4236 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:02:20.0560 4236 ql40xx - ok
14:02:20.0622 4236 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:02:20.0653 4236 QWAVEdrv - ok
14:02:20.0934 4236 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
14:02:20.0950 4236 RapportCerberus_34302 - ok
14:02:21.0012 4236 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:02:21.0028 4236 RapportEI - ok
14:02:21.0230 4236 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
14:02:21.0293 4236 RapportIaso - ok
14:02:21.0418 4236 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\Windows\system32\Drivers\RapportKELL.sys
14:02:21.0433 4236 RapportKELL - ok
14:02:21.0527 4236 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
14:02:21.0589 4236 RapportPG - ok
14:02:21.0745 4236 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:02:21.0776 4236 RasAcd - ok
14:02:21.0808 4236 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:02:21.0839 4236 Rasl2tp - ok
14:02:21.0886 4236 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:02:21.0932 4236 RasPppoe - ok
14:02:21.0979 4236 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:02:21.0995 4236 RasSstp - ok
14:02:22.0057 4236 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:02:22.0104 4236 rdbss - ok
14:02:22.0135 4236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:02:22.0182 4236 RDPCDD - ok
14:02:22.0213 4236 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:02:22.0244 4236 rdpdr - ok
14:02:22.0276 4236 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:02:22.0322 4236 RDPENCDD - ok
14:02:22.0447 4236 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:02:22.0494 4236 RDPWD - ok
14:02:22.0572 4236 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
14:02:22.0588 4236 regi - ok
14:02:22.0666 4236 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:02:22.0712 4236 rspndr - ok
14:02:22.0806 4236 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:02:22.0822 4236 sbp2port - ok
14:02:22.0900 4236 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:02:22.0962 4236 sdbus - ok
14:02:23.0009 4236 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:02:23.0056 4236 secdrv - ok
14:02:23.0118 4236 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:02:23.0165 4236 Serenum - ok
14:02:23.0212 4236 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:02:23.0258 4236 Serial - ok
14:02:23.0290 4236 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:02:23.0336 4236 sermouse - ok
14:02:23.0383 4236 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:02:23.0414 4236 sffdisk - ok
14:02:23.0461 4236 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:02:23.0508 4236 sffp_mmc - ok
14:02:23.0586 4236 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:02:23.0617 4236 sffp_sd - ok
14:02:23.0680 4236 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:02:23.0742 4236 sfloppy - ok
14:02:23.0789 4236 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:02:23.0804 4236 sisagp - ok
14:02:23.0851 4236 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:02:23.0867 4236 SiSRaid2 - ok
14:02:23.0914 4236 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:02:23.0929 4236 SiSRaid4 - ok
14:02:23.0992 4236 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:02:24.0007 4236 Smb - ok
14:02:24.0054 4236 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:02:24.0070 4236 spldr - ok
14:02:24.0148 4236 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:02:24.0194 4236 srv - ok
14:02:24.0288 4236 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:02:24.0319 4236 srv2 - ok
14:02:24.0335 4236 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:02:24.0382 4236 srvnet - ok
14:02:24.0506 4236 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys
14:02:24.0522 4236 ssadbus - ok
14:02:24.0600 4236 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:02:24.0600 4236 ssadmdfl - ok
14:02:24.0631 4236 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:02:24.0647 4236 ssadmdm - ok
14:02:24.0662 4236 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
14:02:24.0678 4236 sscdbus - ok
14:02:24.0709 4236 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:02:24.0725 4236 sscdmdfl - ok
14:02:24.0740 4236 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
14:02:24.0756 4236 sscdmdm - ok
14:02:24.0865 4236 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
14:02:24.0896 4236 StkAMini ( UnsignedFile.Multi.Generic ) - warning
14:02:24.0896 4236 StkAMini - detected UnsignedFile.Multi.Generic (1)
14:02:24.0943 4236 StkScan (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
14:02:24.0959 4236 StkScan ( UnsignedFile.Multi.Generic ) - warning
14:02:24.0959 4236 StkScan - detected UnsignedFile.Multi.Generic (1)
14:02:25.0006 4236 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:02:25.0006 4236 swenum - ok
14:02:25.0037 4236 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:02:25.0052 4236 Symc8xx - ok
14:02:25.0084 4236 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:02:25.0084 4236 Sym_hi - ok
14:02:25.0115 4236 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:02:25.0130 4236 Sym_u3 - ok
14:02:25.0193 4236 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:02:25.0302 4236 Tcpip - ok
14:02:25.0380 4236 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:02:25.0458 4236 Tcpip6 - ok
14:02:25.0520 4236 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:02:25.0567 4236 tcpipreg - ok
14:02:25.0614 4236 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:02:25.0645 4236 TDPIPE - ok
14:02:25.0676 4236 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:02:25.0723 4236 TDTCP - ok
14:02:25.0770 4236 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:02:25.0801 4236 tdx - ok
14:02:25.0895 4236 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:02:25.0910 4236 TermDD - ok
14:02:25.0988 4236 TpChoice (3afff25eae28188fa4ecd292658be31b) C:\Windows\system32\DRIVERS\TpChoice.sys
14:02:26.0004 4236 TpChoice - ok
14:02:26.0035 4236 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:02:26.0066 4236 tssecsrv - ok
14:02:26.0098 4236 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:02:26.0129 4236 tunmp - ok
14:02:26.0160 4236 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:02:26.0176 4236 tunnel - ok
14:02:26.0207 4236 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:02:26.0222 4236 uagp35 - ok
14:02:26.0238 4236 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
14:02:26.0254 4236 UBHelper - ok
14:02:26.0316 4236 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:02:26.0378 4236 udfs - ok
14:02:26.0503 4236 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:02:26.0519 4236 uliagpkx - ok
14:02:26.0566 4236 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:02:26.0597 4236 uliahci - ok
14:02:26.0644 4236 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:02:26.0659 4236 UlSata - ok
14:02:26.0675 4236 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:02:26.0690 4236 ulsata2 - ok
14:02:26.0722 4236 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:02:26.0768 4236 umbus - ok
14:02:26.0893 4236 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:02:26.0924 4236 USBAAPL - ok
14:02:27.0018 4236 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
14:02:27.0065 4236 usbaudio - ok
14:02:27.0127 4236 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:02:27.0158 4236 usbccgp - ok
14:02:27.0205 4236 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:02:27.0252 4236 usbcir - ok
14:02:27.0346 4236 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:02:27.0361 4236 usbehci - ok
14:02:27.0424 4236 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:02:27.0470 4236 usbhub - ok
14:02:27.0486 4236 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:02:27.0533 4236 usbohci - ok
14:02:27.0580 4236 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:02:27.0611 4236 usbprint - ok
14:02:27.0642 4236 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:02:27.0658 4236 usbscan - ok
14:02:27.0782 4236 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:02:27.0798 4236 USBSTOR - ok
14:02:27.0860 4236 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:02:27.0892 4236 usbuhci - ok
14:02:27.0923 4236 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:02:27.0970 4236 usbvideo - ok
14:02:28.0048 4236 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:02:28.0094 4236 vga - ok
14:02:28.0141 4236 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:02:28.0157 4236 VgaSave - ok
14:02:28.0204 4236 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:02:28.0219 4236 viaagp - ok
14:02:28.0250 4236 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:02:28.0282 4236 ViaC7 - ok
14:02:28.0375 4236 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:02:28.0391 4236 viaide - ok
14:02:28.0438 4236 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:02:28.0453 4236 volmgr - ok
14:02:28.0484 4236 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:02:28.0516 4236 volmgrx - ok
14:02:28.0625 4236 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:02:28.0656 4236 volsnap - ok
14:02:28.0687 4236 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:02:28.0703 4236 vsmraid - ok
14:02:28.0843 4236 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:02:28.0906 4236 WacomPen - ok
14:02:28.0999 4236 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:02:29.0015 4236 Wanarp - ok
14:02:29.0046 4236 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:02:29.0077 4236 Wanarpv6 - ok
14:02:29.0155 4236 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:02:29.0171 4236 Wd - ok
14:02:29.0249 4236 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:02:29.0264 4236 Wdf01000 - ok
14:02:29.0342 4236 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:02:29.0420 4236 winachsf - ok
14:02:29.0530 4236 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:02:29.0561 4236 WmiAcpi - ok
14:02:29.0654 4236 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:02:29.0701 4236 WpdUsb - ok
14:02:29.0764 4236 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:02:29.0795 4236 ws2ifsl - ok
14:02:29.0920 4236 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:02:29.0951 4236 WUDFRd - ok
14:02:29.0998 4236 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
14:02:32.0806 4236 \Device\Harddisk0\DR0 - ok
14:02:32.0837 4236 Boot (0x1200) (2e8f701854df160b1266dcfedaa2b28c) \Device\Harddisk0\DR0\Partition0
14:02:32.0837 4236 \Device\Harddisk0\DR0\Partition0 - ok
14:02:32.0884 4236 Boot (0x1200) (c0643c1a2fd40cb1660562a314307da2) \Device\Harddisk0\DR0\Partition1
14:02:32.0884 4236 \Device\Harddisk0\DR0\Partition1 - ok
14:02:32.0884 4236 ============================================================
14:02:32.0884 4236 Scan finished
14:02:32.0884 4236 ============================================================
14:02:32.0899 4608 Detected object count: 9
14:02:32.0899 4608 Actual detected object count: 9
14:03:33.0505 4608 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0505 4608 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0505 4608 ithsgt ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0505 4608 ithsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0521 4608 lilsgt ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0521 4608 lilsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0521 4608 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0521 4608 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0521 4608 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0521 4608 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0536 4608 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0536 4608 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0536 4608 ovt519 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0536 4608 ovt519 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0536 4608 StkAMini ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0536 4608 StkAMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0536 4608 StkScan ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:33.0536 4608 StkScan ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:47.0108 3316 Deinitialize success




Thank you!
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's do these two scans.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    O33 - MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\Shell - "" = AutoRun
    O33 - MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\Shell - "" = AutoRun
    O33 - MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/02/20 18:21:58 | 000,045,056 | R--- | M] ()
    O33 - MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/02/20 18:21:58 | 000,045,056 | R--- | M] ()
    [2010/09/13 21:15:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C4B91B0712.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in separate post[/B]
  • 0

#7
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002a20a9-ddc6-11df-912b-001d72fb9a5a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f21b4a1-a64a-11e0-a2fc-001d72fb9a5a}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e44ae3dc-9426-11e0-b0ae-001d72fb9a5a}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
C:\ProgramData\C4B91B0712.sys moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sam\Downloads\cmd.bat deleted successfully.
C:\Users\Sam\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.33.2 log created on 02272012_230837

Files\Folders moved on Reboot...
File move failed. F:\Autorun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#8
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Just waiting on the KVR log. It says due to be finished in...7 days! Is that normal?!

Oh nevermind it is going down quite fast. I'll leave it to scan overnight and it should be done in the morning at this rate. I'll post tomorrow. Thanks :)

Edited by samboo1, 27 February 2012 - 06:25 PM.

  • 0

#9
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Here is the other log, after 18 hours of scanning!

Status: Deleted (events: 1)
28/02/2012 00:26:32 Deleted Trojan program Exploit.JS.Pdfka.flb C:\Documents and Settings\Guest\AppData\Local\Mozilla\Firefox\Profiles\xg60xfei.default\Cache\4\00\C6CE4d01 High
Status: Quarantined (events: 2)
28/02/2012 02:04:11 Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Documents and Settings\Guest\AppData\Local\Mozilla\Firefox\Profiles\xg60xfei.default\Cache\D\7A\79398d01 High
28/02/2012 05:21:35 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Sam\AppData\Local\Temp\FF36.tmp High
Status: Detected (events: 2)
28/02/2012 00:49:40 Detected Trojan program HEUR:Exploit.Script.Generic C:\Documents and Settings\Guest\Local Settings\Mozilla\Firefox\Profiles\xg60xfei.default\Cache\D\7A\79398d01 High
28/02/2012 02:36:02 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Sam\Local Settings\Temp\FF36.tmp High
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job!

  • How is your system now? Any problems?
  • Did you get all your files in Desktop and Start menu back?

  • 0

#11
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
My system seems fine! Back to normal I think. Am I okay with just AVG for further protection? It's the only thing I have at the moment. I'm a little concerned that it let through the trojans I had to begin with...

And I did get all my files back, yeah. They were only hidden, not deleted which was a good thing.

Thanks very much for your help, I appreciate it! :)
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi samboo1,

Am I okay with just AVG for further protection?


You can use it together with Malwarebytes. Leave these two and you'll be fine :)

Good job! Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
&nbsp;&nbsp;
3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#13
samboo1

samboo1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Hi.

Just copy and pasted the first fix into OTL, and it sort of crashes my computer. Is that normal? I waited for about 20 minutes even though it looked like it had crashed then just force shut down my laptop. Should I just carry on waiting?
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Restart your system and skip Step 1. It's not important.Continue with other instructions.
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP