System Check Virus infection [Solved]



#1
Sirius Black (Member, 74 posts)

I own an HP Pavilion laptop and while browsing online my browser (Firefox) shut down and the System Check box at the bottom said that I had a hard disk failure and it started scanning. When it was done I noticed a "Buy full version" tab and I became suspicious that it was a virus. The virus has already rebooted the PC on its own and fails to load many of the quick launch items. I have Eset Nod antivirus and it is currently scanning. I'm using Windows 7.
This just happened a few moments ago so I have little information to pass on about what's happening with the PC.
I'm looking to remove this thing as soon as possible.
Any and all help will be appreciated.
Thank you.


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there, let's get to work then.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
    If it fails to run then rename the programme to winlogon
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Sirius Black (Topic Starter, Member, 74 posts)

Here are the reports you requested.
Thank you for getting back so quickly.

ROGUE KILLER REPORT 1:

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: Scan -- Date: 03/19/2012 22:05:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 23 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] b003c4aed177e95f1d7bb0c54cfd4748
[BSP] c44f6fa35f14649fb4c26ce7f19fff92 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292018 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598054912 | Size: 13216 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625135616 | Size: 3 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



ROGUE KILLER REPORT 2:

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: Remove -- Date: 03/19/2012 22:06:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 23 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] b003c4aed177e95f1d7bb0c54cfd4748
[BSP] c44f6fa35f14649fb4c26ce7f19fff92 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292018 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598054912 | Size: 13216 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625135616 | Size: 3 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



ROGUE KILLER REPORT 3:

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: Shortcuts HJfix -- Date: 03/19/2012 22:11:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 92 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 20 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 339 / Fail 0
My documents: Success 9 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 2 / Fail 0
My music: Success 960 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 341 / Fail 0
Backup: [FOUND] Success 347 / Fail 0

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped
[G:] \Device\SCDEmu\SCDEmuCd1 -- 0x5 --> Skipped
[H:] \Device\SCDEmu\SCDEmuCd2 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



OTL.Txt REPORT:


OTL logfile created on: 3/19/2012 10:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hp\Desktop\Incoming
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 50.81% Memory free
7.49 Gb Paging File | 6.02 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 39.56 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.01 Gb Free Space | 15.61% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 05:18:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\Incoming\OTL.exe
PRC - [2011/11/15 03:15:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/12/20 18:59:25 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 07:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 19:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/11/15 03:15:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/01/14 14:53:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/20 18:59:25 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/24 16:08:26 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 16:08:26 | 000,116,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/08/15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2011/07/12 11:55:18 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 11:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:36:12 | 000,848,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 03:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/26 17:40:56 | 000,186,056 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C771VSP.sys -- (C771VSP)
DRV:64bit: - [2010/08/26 17:40:56 | 000,071,752 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C771BUS.sys -- (C771BUS)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/11 22:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/11/16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/11/16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/11/10 21:48:22 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/11/21 22:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/07/21 00:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/28 15:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/27 23:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/14 13:56:26 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_net.sys -- (cm_net)
DRV:64bit: - [2008/03/14 13:36:22 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_ser.sys -- (cm_ser)
DRV:64bit: - [2008/01/24 03:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/06/18 14:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/27 18:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/26 00:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{ED905251-EDB7-4CA0-AF39-1551C50BCE24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{ED905251-EDB7-4CA0-AF39-1551C50BCE24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 04:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/13 14:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/12/15 23:35:02 | 000,000,000 | ---D | M]

[2010/01/23 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/01/23 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/10 21:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions
[2011/01/07 00:02:12 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/12/26 22:50:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/19 09:47:49 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\[email protected]
[2011/01/07 00:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/03/19 04:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{03D3EFE3-332D-4D5C-B69E-565437649F0E}.XPI
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 04:49:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/06 22:32:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/06 22:32:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/13 15:09:04 | 000,001,349 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O3 - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3726545121-4211126991-36643745-1000..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3726545121-4211126991-36643745-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.14.235.234 67.238.98.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72AEDFB1-6F8C-4282-BE96-99B83EA1CA03}: DhcpNameServer = 207.14.235.234 67.238.98.162
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15e787e8-8fad-11e0-911e-08863b0231c1}\Shell - "" = AutoRun
O33 - MountPoints2\{15e787e8-8fad-11e0-911e-08863b0231c1}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{253d8245-e514-11de-b22d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{253d8245-e514-11de-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{7f2db9e1-4263-11e1-9801-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{7f2db9e1-4263-11e1-9801-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\TL-Bootstrap.exe
O33 - MountPoints2\{7f2dbba2-4263-11e1-9801-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{7f2dbba2-4263-11e1-9801-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
O33 - MountPoints2\{a73b1988-3131-11e1-9f2d-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{a73b1988-3131-11e1-9f2d-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
O33 - MountPoints2\{b9d353df-2466-11e1-aeba-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d353df-2466-11e1-aeba-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\RK_Quarantine
[2012/03/19 04:53:11 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/03/11 09:21:57 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/03/11 05:14:43 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2012/03/11 05:13:35 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2012/03/11 05:12:14 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2012/03/11 05:12:12 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Aimersoft
[2012/03/11 05:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2012/03/11 05:12:06 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/03/11 05:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2012/03/11 03:57:37 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\100GOPRO
[2012/03/08 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Adobe
[2012/03/08 05:06:52 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple Computer
[2012/02/23 23:51:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/23 02:06:23 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Alien Skin
[2012/02/23 02:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
[2012/02/23 02:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Alien Skin
[2012/02/23 02:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2012/02/22 18:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Image Trends Inc
[2012/02/22 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\onOne Software
[2012/02/22 18:09:28 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2012/02/22 18:09:27 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlssrv32.exe
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2012/02/22 18:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2012/02/22 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Photoshop Plugins
[2012/02/22 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Trends Inc
[2012/02/22 17:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Trends Inc
[2012/02/22 17:21:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Nik Software
[2012/02/22 17:16:57 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNS
[2012/02/22 17:14:32 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNi
[2012/02/22 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Nik Software
[2012/02/22 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2012/02/22 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012/02/21 04:26:45 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\OpenOffice.org
[2012/02/20 05:05:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/02/20 05:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

========== Files - Modified Within 30 Days ==========

[2012/03/19 22:03:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 13:03:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 05:28:23 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 05:28:23 | 000,662,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 05:28:23 | 000,121,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 05:28:19 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 05:28:19 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 05:21:52 | 000,000,440 | ---- | M] () -- C:\ProgramData\C0AI7szLsFLggn
[2012/03/19 05:20:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 05:20:42 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 04:53:18 | 000,000,264 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggn
[2012/03/19 04:53:17 | 000,000,176 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggnr
[2012/03/19 04:53:11 | 000,000,677 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 04:53:11 | 000,000,653 | ---- | M] () -- C:\Users\hp\Desktop\System Check.lnk
[2012/03/17 12:00:36 | 3524,504,479 | ---- | M] () -- C:\Users\hp\Desktop\Archer.zip
[2012/03/16 02:10:00 | 000,023,552 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 05:18:35 | 015,583,491 | ---- | M] () -- C:\Users\hp\Desktop\Disposable-War.mp3
[2012/03/11 07:51:43 | 000,776,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 22:42:06 | 009,368,052 | ---- | M] () -- C:\Users\hp\Documents\Jims Story.odt
[2012/02/24 08:18:39 | 000,001,652 | ---- | M] () -- C:\Users\hp\AppData\Roaming\wklnhst.dat
[2012/02/23 23:49:19 | 005,176,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/21 04:27:08 | 000,001,235 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

========== Files Created - No Company Name ==========

[2012/03/19 22:06:55 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/03/19 22:06:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/19 22:06:49 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/03/19 22:06:49 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/03/19 22:06:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/19 22:06:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/19 22:06:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/19 22:06:40 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2012/03/19 22:06:40 | 000,002,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 1.5.lnk
[2012/03/19 22:06:40 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/03/19 22:06:40 | 000,001,505 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2012/03/19 22:06:40 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/03/19 22:06:40 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/03/19 22:06:40 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/03/19 22:06:40 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
[2012/03/19 22:06:40 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/03/19 22:06:40 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2012/03/19 22:06:40 | 000,000,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/03/19 04:53:17 | 000,000,176 | ---- | C] () -- C:\ProgramData\~C0AI7szLsFLggnr
[2012/03/19 04:53:16 | 000,000,264 | ---- | C] () -- C:\ProgramData\~C0AI7szLsFLggn
[2012/03/19 04:53:11 | 000,000,677 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 04:53:11 | 000,000,653 | ---- | C] () -- C:\Users\hp\Desktop\System Check.lnk
[2012/03/19 04:53:08 | 000,000,440 | ---- | C] () -- C:\ProgramData\C0AI7szLsFLggn
[2012/03/17 11:49:14 | 3524,504,479 | ---- | C] () -- C:\Users\hp\Desktop\Archer.zip
[2012/03/12 05:18:34 | 015,583,491 | ---- | C] () -- C:\Users\hp\Desktop\Disposable-War.mp3
[2012/03/11 05:12:06 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/03/11 05:12:06 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/03/07 21:49:53 | 000,776,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/21 04:40:22 | 009,368,052 | ---- | C] () -- C:\Users\hp\Documents\Jims Story.odt
[2012/02/21 04:27:08 | 000,001,235 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/09 12:32:57 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/09 12:32:57 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/09 12:32:57 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/09 03:00:24 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2011/12/07 14:47:26 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011/12/01 14:59:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/11/22 12:16:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011/09/21 21:12:41 | 000,012,343 | ---- | C] () -- C:\Users\hp\AppData\Local\tmpIMG_0003_navi.JPG
[2011/09/21 21:12:32 | 001,220,628 | ---- | C] () -- C:\Users\hp\AppData\Local\tmpIMG_0003.0
[2011/09/21 21:12:32 | 000,786,639 | ---- | C] () -- C:\Users\hp\AppData\Local\tmpIMG_0003.JPG
[2011/06/04 15:34:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/09 00:03:49 | 000,001,652 | ---- | C] () -- C:\Users\hp\AppData\Roaming\wklnhst.dat
[2010/07/14 23:30:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

========== LOP Check ==========

[2012/02/22 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software
[2012/02/22 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software
[2011/07/24 18:23:39 | 000,032,728 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/11/20 02:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 02:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 03:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 03:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 15:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 15:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 15:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 15:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 02:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 02:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 03:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 03:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 03:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 03:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2009/07/13 19:01:14 | 000,001,282 | ---- | M] () -- C:\Users\hp\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/13 19:01:14 | 000,000,442 | -HS- | M] () -- C:\Users\hp\AppData\Local\Temp\smtmp\1\desktop.ini

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: HP-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     C                NTFS   Partition    285 GB  Healthy    System
  Volume 2     D   RECOVERY     NTFS   Partition     12 GB  Healthy

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\ProgramData\Microsoft:Mn5VLdW29sd4an7BlfuqfB
@Alternate Data Stream - 1081 bytes -> C:\Users\hp\AppData\Local\Temp:0Rx88UHPBmIesLq6JafeV
@Alternate Data Stream - 1016 bytes -> C:\ProgramData\Microsoft:48Cm2wlIdwOUyautKuiK5Wh

< End of report >

OTL EXTRAS.Txt REPORT:


OTL Extras logfile created on: 3/19/2012 10:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hp\Desktop\Incoming
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 50.81% Memory free
7.49 Gb Paging File | 6.02 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 39.56 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.01 Gb Free Space | 15.61% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3726545121-4211126991-36643745-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BAD5736-35B9-F84D-9E1A-597F1B78FF44}" = ccc-utility64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7510991E-FE80-7466-2E31-561B52059618}" = ATI Catalyst Install Manager
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Alien Skin Exposure 4" = Alien Skin Exposure 4
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07E785BF-510A-AA43-084E-FF06B3CE8C4C}" = CCC Help Chinese Standard
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{129EE758-124A-593C-1EBE-9A2D3A100316}" = Catalyst Control Center Localization Czech
"{13C300AF-179C-7350-77E0-61D5566AF864}" = Catalyst Control Center Graphics Full New
"{1545BCD9-DC1A-579C-FB16-170FBE27101D}" = Catalyst Control Center Localization French
"{159B866E-596E-2428-03DD-FF19A8495791}" = CCC Help Finnish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1740C09B-7E44-D6D5-3694-EA668878B42D}" = CCC Help Swedish
"{178B8E49-2A8E-398E-259B-273311195950}" = Catalyst Control Center Localization Chinese Traditional
"{1A16E615-CA3F-3F53-EF0E-AA8B5C20294A}" = CCC Help Spanish
"{1E98933B-FAA4-9E26-10E4-4EB58F4C6158}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24457508-7194-C5D8-FA37-95AA7E8461A9}" = Catalyst Control Center Localization Norwegian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{32224A1F-AEC1-739A-5D30-537AB4495CA6}" = CCC Help Japanese
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34642316-CC37-4A01-9C14-014E283346C5}" = Catalyst Control Center Graphics Previews Common
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3604540D-3537-F7FA-726D-F1E60AEC29B4}" = CCC Help Dutch
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39ABC33D-45D6-6ED0-4D64-681F71A1B8E9}" = Skins
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{561F720C-344E-3684-8091-ADC65B5A1C1D}" = CCC Help Czech
"{563E6B6A-A8E6-8EEA-23D5-C7B277E0E59B}" = CCC Help Italian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 6.0.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A793900-4ABA-A304-6BAC-D53DAC45E051}" = CCC Help Russian
"{5AE1721C-A430-4886-B3A1-8D6E5E6CD2A8}" = DxO Optics Pro 6
"{5BAF6C19-B082-397F-808B-68BCE9443BD8}" = Catalyst Control Center Localization Polish
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6044CBF5-7541-4541-AE10-BEEB05C226EA}" = Image Trends' Fisheye-Hemi Plug-In 1.2.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E50E217-16CA-52FE-805C-A2B28DA5B4DC}" = CCC Help Korean
"{70188CEB-B52D-E085-47FF-D6CADF0D855C}" = Catalyst Control Center Localization Korean
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E655A4-3023-A61A-B325-DDB889CBD365}" = ccc-core-static
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{72F7ED33-5F14-1009-5517-30DBEA2C1681}" = Catalyst Control Center Graphics Light
"{775A633A-DDE9-55D5-16C1-33702198ACF4}" = Catalyst Control Center Localization German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{7933FCE0-2C5C-2026-3E9D-7538A4C6CE67}" = CCC Help Portuguese
"{79719B38-DB69-9384-A52C-EA873A218072}" = Catalyst Control Center Localization Russian
"{79B44DF5-311C-99EC-470A-6558280DDBA4}" = CCC Help Polish
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7D512381-4BE8-AA6B-6D72-50A50DFF3C7B}" = Catalyst Control Center Localization Spanish
"{7F753BCE-0775-A20F-C570-B35FABC3E5A6}" = CCC Help Hungarian
"{80161382-D1D4-A6B8-7972-1946882556C7}" = Catalyst Control Center Core Implementation
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{86F167DF-4007-A205-B420-BA5FFC6848D0}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903B9154-FA33-61C4-5DBF-E22DB6CD02E4}" = Catalyst Control Center Localization Dutch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{94369BC3-9ED5-9E95-F5AC-A5D747AFD50E}" = Catalyst Control Center Localization Thai
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99543043-20E1-5C4C-02E9-4579AA3E407C}" = Catalyst Control Center Graphics Previews Vista
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0E723B5-F219-1BA4-8E0F-E40AEF252CCB}" = Catalyst Control Center Localization Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AACBDB-7E50-6374-B1CA-BCC6DF7224C0}" = Catalyst Control Center Localization Greek
"{A6C6F036-951A-532F-8BBE-D584E74C728E}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0CC7C0-2C63-1067-4F50-02F505D1D225}" = CCC Help Chinese Traditional
"{AD1963C9-501D-785F-8ADF-12668D9D7D6C}" = Catalyst Control Center Localization Finnish
"{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin N300 Micro USB Wireless Adapter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7382BC7-D988-F92B-9EA0-96A057DB9711}" = CCC Help French
"{B9B03499-F61D-FBA7-AEDE-E6CDAE983F2D}" = Catalyst Control Center Localization Italian
"{BAE19D51-2DC4-8154-DE72-EB78CAC7F08F}" = Catalyst Control Center Localization Swedish
"{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}" = Powerpuff Girls ™
"{C0B31026-FA56-5F14-71B4-E956C83E6853}" = Catalyst Control Center Localization Portuguese
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C32CD965-A0AF-19B7-C5D5-D314876762A4}" = Catalyst Control Center Localization Chinese Standard
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4ACD120-3F6C-D6C8-DC37-DDE0B77DCA2E}" = Catalyst Control Center Localization Japanese
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C88B6B79-A659-4DE5-0B4A-6FEEF9FA674F}" = Catalyst Control Center Graphics Full Existing
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D7928776-A89D-C7DA-DAF3-9B7FB1D9FA76}" = CCC Help German
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DF5E415F-71F2-CA46-A83D-5D4118939852}" = Catalyst Control Center Localization Danish
"{E1A4C03E-881C-128E-921C-A9D9F940E29F}" = Catalyst Control Center InstallProxy
"{E2D528DA-70E6-D634-47C8-BF80B59CC7EE}" = CCC Help Norwegian
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7DEB529-C2EF-DD45-DB4A-FA94F553D71C}" = Catalyst Control Center Localization Turkish
"{F1DC3E29-B4F1-7969-900E-376D258F1D1D}" = CCC Help Thai
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FB4C6AF2-315B-B351-8DA9-54F752B519BB}" = CCC Help Greek
"{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}" = C771 USB Driver V1.0.11.0
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"300 Modpack 2.1" = 300 Modpack 2.1
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player 10 ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Mythology 1.0" = Age of Mythology
"CardRecovery" = CardRecovery
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dfine 2.0 Stand-Alone" = Dfine 2.0
"DragonUnPACKer5_is1" = Dragon UnPACKer 5
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.5.3 (06/03/2012)
"EAW Big Battles Mod Version 2" = EAW Big Battles Mod Version 2
"HandBrake" = HandBrake 0.9.6
"HDR Efex Pro" = HDR Efex Pro
"InFlac" = InFlac 1.1.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Lara Croft and the Guardian of Light" = Lara Croft and the Guardian of Light
"Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
"MKVtoolnix" = MKVtoolnix 4.0.0
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Photodex Presenter" = Photodex Presenter
"PowerISO" = PowerISO
"Prism" = Prism Video Converter
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProShow Producer" = ProShow Producer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Sharpener Pro 3.0 Stand-Alone" = Sharpener Pro 3.0
"Silver Efex Pro 2" = Silver Efex Pro 2
"TagScanner_is1" = TagScanner 5.1.605
"Viveza 2" = Viveza 2
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2011 10:16:20 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4321

Error - 2/14/2011 10:16:21 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/14/2011 10:16:21 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5350

Error - 2/14/2011 10:16:21 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5350

Error - 2/14/2011 10:16:22 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/14/2011 10:16:22 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6364

Error - 2/14/2011 10:16:22 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6364

Error - 2/14/2011 10:16:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/14/2011 10:16:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7394

Error - 2/14/2011 10:16:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7394

[ System Events ]
Error - 3/13/2012 3:57:04 AM | Computer Name = hp-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/13/2012 3:57:04 AM | Computer Name = hp-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3/16/2012 4:18:23 AM | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 3/16/2012 4:18:23 AM | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 3/16/2012 4:18:24 AM | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 3/16/2012 4:18:24 AM | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 3/16/2012 4:18:25 AM | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 3/19/2012 1:38:01 AM | Computer Name = hp-PC | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk2\DR17, is not ready for access yet.

Error - 3/19/2012 11:20:50 AM | Computer Name = hp-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 3/19/2012 11:20:50 AM | Computer Name = hp-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, looks like we have something a bit deeper. Once this run is complete, could you let me know whether all shortcuts have returned and what problems are still apparent?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/03/19 04:53:11 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/03/19 05:21:52 | 000,000,440 | ---- | M] () -- C:\ProgramData\C0AI7szLsFLggn
    [2012/03/19 04:53:18 | 000,000,264 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggn
    [2012/03/19 04:53:17 | 000,000,176 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggnr
    [2012/03/19 04:53:11 | 000,000,677 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/03/19 04:53:11 | 000,000,653 | ---- | M] () -- C:\Users\hp\Desktop\System Check.lnk
    @Alternate Data Stream - 1125 bytes -> C:\ProgramData\Microsoft:Mn5VLdW29sd4an7BlfuqfB
    @Alternate Data Stream - 1081 bytes -> C:\Users\hp\AppData\Local\Temp:0Rx88UHPBmIesLq6JafeV
    @Alternate Data Stream - 1016 bytes -> C:\ProgramData\Microsoft:48Cm2wlIdwOUyautKuiK5Wh


    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
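Added example (not part of the original thread and not OTL's own code): a small Python parser for the two line shapes used in the :OTL section of the fix above, which reports the time window the targeted files fall in and groups the alternate data streams by the directory that hosts them. The field and function names are this example's own, and the patterns cover only the line shapes visible in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entries copied verbatim from the ":OTL" section of the fix posted in this thread.
FIX_LINES = r"""
[2012/03/19 04:53:11 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/03/19 05:21:52 | 000,000,440 | ---- | M] () -- C:\ProgramData\C0AI7szLsFLggn
[2012/03/19 04:53:18 | 000,000,264 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggn
[2012/03/19 04:53:17 | 000,000,176 | ---- | M] () -- C:\ProgramData\~C0AI7szLsFLggnr
[2012/03/19 04:53:11 | 000,000,677 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 04:53:11 | 000,000,653 | ---- | M] () -- C:\Users\hp\Desktop\System Check.lnk
@Alternate Data Stream - 1125 bytes -> C:\ProgramData\Microsoft:Mn5VLdW29sd4an7BlfuqfB
@Alternate Data Stream - 1081 bytes -> C:\Users\hp\AppData\Local\Temp:0Rx88UHPBmIesLq6JafeV
@Alternate Data Stream - 1016 bytes -> C:\ProgramData\Microsoft:48Cm2wlIdwOUyautKuiK5Wh
"""

# [timestamp | size | attributes | flag] (company) -- path
# The "(company)" part is absent on the folder line and empty "()" on the file lines.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def parse_fix(text):
    """Return (entries, unparsed). Unrecognised lines are kept, never dropped."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({
                "type": "file",
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
                "flag": m["flag"],          # C or M, exactly as OTL printed it
                "company": m["company"],    # None if absent, "" if printed as ()
                "path": m["path"],
            })
            continue
        m = ADS_RE.match(line)
        if m:
            # Split on the LAST colon so the drive-letter colon stays in the host path.
            host, _, stream = m["target"].rpartition(":")
            entries.append({"type": "ads", "size": int(m["size"]),
                            "host": host, "stream": stream})
            continue
        unparsed.append(line)
    return entries, unparsed


def time_window(entries):
    """Earliest and latest timestamp among the file/folder entries."""
    stamps = [e["when"] for e in entries if e["type"] == "file"]
    return min(stamps), max(stamps)


def streams_by_host(entries):
    """Map each host path to the (stream name, size) pairs attached to it."""
    grouped = defaultdict(list)
    for e in entries:
        if e["type"] == "ads":
            grouped[e["host"]].append((e["stream"], e["size"]))
    return dict(grouped)


if __name__ == "__main__":
    parsed, leftover = parse_fix(FIX_LINES)
    first, last = time_window(parsed)
    print(f"{len(parsed)} entries, {len(leftover)} unparsed")
    print(f"file timestamps span {first} .. {last} ({last - first})")
    for host, streams in streams_by_host(parsed).items():
        print(host, "->", streams)
```
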

#5
Sirius Black

    Member

  • Topic Starter
  • Member
  • 74 posts
Ok, the quick launch icons have not reappeared in the lower pane of the screen.
The Desktop, however, is now showing 4 new items: 1 folder "SKYNET" and 3 semi-transparent files, 2 "desktop.ini" files and 1 "Thumbs.db" file. Possibly hidden files?

Here are the logs from the scans.

OTL log

OTL logfile created on: 3/20/2012 9:56:24 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\hp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 69.49% Memory free
7.49 Gb Paging File | 6.30 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 39.11 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.01 Gb Free Space | 15.61% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 05:18:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2012/03/19 04:49:03 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 03:15:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/12/20 18:59:25 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 04:49:03 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/23 23:51:23 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 07:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 19:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/11/15 03:15:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/01/14 14:53:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/20 18:59:25 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/24 16:08:26 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 16:08:26 | 000,116,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/08/15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2011/07/12 11:55:18 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 11:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:36:12 | 000,848,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 03:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/26 17:40:56 | 000,186,056 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C771VSP.sys -- (C771VSP)
DRV:64bit: - [2010/08/26 17:40:56 | 000,071,752 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C771BUS.sys -- (C771BUS)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/11 22:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/11/16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/11/16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/11/10 21:48:22 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/11/21 22:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/07/21 00:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/28 15:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/27 23:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/14 13:56:26 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_net.sys -- (cm_net)
DRV:64bit: - [2008/03/14 13:36:22 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_ser.sys -- (cm_ser)
DRV:64bit: - [2008/01/24 03:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007/06/18 14:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/27 18:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/26 00:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{ED905251-EDB7-4CA0-AF39-1551C50BCE24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{ED905251-EDB7-4CA0-AF39-1551C50BCE24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\..\SearchScopes,DefaultScope = {67D7FE62-DD38-48E0-9480-A7D12163F62C}
IE - HKCU\..\SearchScopes\{67D7FE62-DD38-48E0-9480-A7D12163F62C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 04:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/13 14:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/12/15 23:35:02 | 000,000,000 | ---D | M]

[2010/01/23 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/01/23 22:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/10 21:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions
[2011/01/07 00:02:12 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011/12/26 22:50:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/19 09:47:49 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\[email protected]
[2011/01/07 00:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\q2l386qa.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/03/19 04:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{03D3EFE3-332D-4D5C-B69E-565437649F0E}.XPI
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2L386QA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 04:49:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/06 22:32:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/06 22:32:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/13 15:09:04 | 000,001,349 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DVDFab Passkey] C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe (Fengtao Software Inc.)
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.14.235.234 67.238.98.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72AEDFB1-6F8C-4282-BE96-99B83EA1CA03}: DhcpNameServer = 207.14.235.234 67.238.98.162
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15e787e8-8fad-11e0-911e-08863b0231c1}\Shell - "" = AutoRun
O33 - MountPoints2\{15e787e8-8fad-11e0-911e-08863b0231c1}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{253d8245-e514-11de-b22d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{253d8245-e514-11de-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{7f2db9e1-4263-11e1-9801-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{7f2db9e1-4263-11e1-9801-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\TL-Bootstrap.exe
O33 - MountPoints2\{7f2dbba2-4263-11e1-9801-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{7f2dbba2-4263-11e1-9801-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
O33 - MountPoints2\{a73b1988-3131-11e1-9f2d-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{a73b1988-3131-11e1-9f2d-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
O33 - MountPoints2\{b9d353df-2466-11e1-aeba-00235a3d2af5}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d353df-2466-11e1-aeba-00235a3d2af5}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 21:46:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/20 21:44:20 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\hp\Desktop\tdsskiller.exe
[2012/03/19 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\RK_Quarantine
[2012/03/19 05:17:45 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2012/03/11 09:21:57 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/03/11 05:14:43 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2012/03/11 05:13:35 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2012/03/11 05:12:14 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2012/03/11 05:12:12 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Aimersoft
[2012/03/11 05:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2012/03/11 05:12:06 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/03/11 05:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2012/03/11 03:57:37 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\100GOPRO
[2012/03/08 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Adobe
[2012/03/08 05:06:52 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple Computer
[2012/02/23 23:51:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/23 02:06:23 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Alien Skin
[2012/02/23 02:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
[2012/02/23 02:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Alien Skin
[2012/02/23 02:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2012/02/22 18:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Image Trends Inc
[2012/02/22 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\onOne Software
[2012/02/22 18:09:28 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2012/02/22 18:09:27 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlssrv32.exe
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2012/02/22 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2012/02/22 18:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2012/02/22 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Photoshop Plugins
[2012/02/22 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Trends Inc
[2012/02/22 17:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Trends Inc
[2012/02/22 17:21:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Nik Software
[2012/02/22 17:16:57 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNS
[2012/02/22 17:14:32 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNi
[2012/02/22 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Nik Software
[2012/02/22 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2012/02/22 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012/02/21 04:26:45 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\OpenOffice.org
[2012/02/20 05:05:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/02/20 05:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

========== Files - Modified Within 30 Days ==========

[2012/03/20 21:56:08 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 21:56:08 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 21:53:08 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/20 21:53:08 | 000,662,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/20 21:53:08 | 000,121,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/20 21:48:52 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 21:48:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 21:48:23 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 21:44:54 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\hp\Desktop\tdsskiller.exe
[2012/03/20 21:03:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 05:18:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2012/03/17 12:00:36 | 3524,504,479 | ---- | M] () -- C:\Users\hp\Desktop\Archer.zip
[2012/03/16 02:10:00 | 000,023,552 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 05:18:35 | 015,583,491 | ---- | M] () -- C:\Users\hp\Desktop\Disposable-War.mp3
[2012/03/11 07:51:43 | 000,776,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 22:42:06 | 009,368,052 | ---- | M] () -- C:\Users\hp\Documents\Jims Story.odt
[2012/02/24 08:18:39 | 000,001,652 | ---- | M] () -- C:\Users\hp\AppData\Roaming\wklnhst.dat
[2012/02/23 23:49:19 | 005,176,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/21 04:27:08 | 000,001,235 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

========== Files Created - No Company Name ==========

[2012/03/19 22:06:55 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/03/19 22:06:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/19 22:06:49 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/03/19 22:06:49 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/03/19 22:06:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/19 22:06:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/19 22:06:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/19 22:06:40 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2012/03/19 22:06:40 | 000,002,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 1.5.lnk
[2012/03/19 22:06:40 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/03/19 22:06:40 | 000,001,505 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk

========== LOP Check ==========

[2012/03/20 21:48:42 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



TDSSKILLER LOG

22:01:58.0581 2160 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:02:00.0606 2160 ============================================================
22:02:00.0606 2160 Current date / time: 2012/03/20 22:02:00.0606
22:02:00.0606 2160 SystemInfo:
22:02:00.0606 2160
22:02:00.0606 2160 OS Version: 6.1.7601 ServicePack: 1.0
22:02:00.0606 2160 Product type: Workstation
22:02:00.0606 2160 ComputerName: HP-PC
22:02:00.0606 2160 UserName: hp
22:02:00.0606 2160 Windows directory: C:\Windows
22:02:00.0606 2160 System windows directory: C:\Windows
22:02:00.0606 2160 Running under WOW64
22:02:00.0606 2160 Processor architecture: Intel x64
22:02:00.0606 2160 Number of processors: 2
22:02:00.0606 2160 Page size: 0x1000
22:02:00.0606 2160 Boot type: Normal boot
22:02:00.0606 2160 ============================================================
22:02:01.0949 2160 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:02:01.0955 2160 \Device\Harddisk0\DR0:
22:02:01.0955 2160 MBR used
22:02:01.0955 2160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23A59000
22:02:01.0955 2160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23A59800, BlocksNum 0x19D02B0
22:02:02.0052 2160 Initialize success
22:02:02.0052 2160 ============================================================
22:02:40.0424 3788 ============================================================
22:02:40.0424 3788 Scan started
22:02:40.0424 3788 Mode: Manual; SigCheck; TDLFS;
22:02:40.0424 3788 ============================================================
22:03:15.0979 3788 usbhub - ok
22:03:16.0007 3788 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
22:03:16.0061 3788 usbohci - ok
22:03:16.0196 3788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:16.0249 3788 usbprint - ok
22:03:16.0330 3788 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:16.0364 3788 USBSTOR - ok
22:03:16.0408 3788 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
22:03:16.0444 3788 usbuhci - ok
22:03:16.0581 3788 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:03:16.0601 3788 usbvideo - ok
22:03:16.0647 3788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:03:16.0659 3788 vdrvroot - ok
22:03:16.0728 3788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:16.0747 3788 vga - ok
22:03:16.0774 3788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:03:16.0850 3788 VgaSave - ok
22:03:16.0959 3788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:03:16.0992 3788 vhdmp - ok
22:03:17.0056 3788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:03:17.0067 3788 viaide - ok
22:03:17.0118 3788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:03:17.0131 3788 volmgr - ok
22:03:17.0192 3788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:03:17.0213 3788 volmgrx - ok
22:03:17.0368 3788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:03:17.0411 3788 volsnap - ok
22:03:17.0482 3788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:03:17.0513 3788 vsmraid - ok
22:03:17.0539 3788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:03:17.0591 3788 vwifibus - ok
22:03:17.0734 3788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:03:17.0778 3788 vwififlt - ok
22:03:17.0826 3788 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:03:17.0863 3788 vwifimp - ok
22:03:17.0887 3788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:03:17.0903 3788 WacomPen - ok
22:03:18.0048 3788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:18.0129 3788 WANARP - ok
22:03:18.0134 3788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:18.0177 3788 Wanarpv6 - ok
22:03:18.0304 3788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:03:18.0316 3788 Wd - ok
22:03:18.0444 3788 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
22:03:18.0457 3788 WDC_SAM - ok
22:03:18.0494 3788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:03:18.0522 3788 Wdf01000 - ok
22:03:18.0727 3788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:03:18.0810 3788 WfpLwf - ok
22:03:18.0836 3788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:03:18.0866 3788 WIMMount - ok
22:03:18.0959 3788 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:03:18.0980 3788 WinUSB - ok
22:03:19.0179 3788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:03:19.0210 3788 WmiAcpi - ok
22:03:19.0287 3788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:03:19.0371 3788 ws2ifsl - ok
22:03:19.0476 3788 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
22:03:19.0486 3788 WsAudio_DeviceS(1) - ok
22:03:19.0563 3788 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
22:03:19.0572 3788 WsAudio_DeviceS(2) - ok
22:03:19.0606 3788 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
22:03:19.0629 3788 WsAudio_DeviceS(3) - ok
22:03:19.0701 3788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:03:19.0783 3788 WudfPf - ok
22:03:19.0948 3788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:03:20.0022 3788 WUDFRd - ok
22:03:20.0181 3788 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
22:03:20.0191 3788 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
22:03:20.0244 3788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:03:20.0278 3788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:03:20.0278 3788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
22:03:20.0336 3788 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:03:20.0336 3788 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:03:20.0371 3788 Boot (0x1200) (5efce210fec595c2dfa1de05d3d97f7f) \Device\Harddisk0\DR0\Partition0
22:03:20.0372 3788 \Device\Harddisk0\DR0\Partition0 - ok
22:03:20.0397 3788 Boot (0x1200) (e6ffe6111a92557139dd1d9815cd62bf) \Device\Harddisk0\DR0\Partition1
22:03:20.0399 3788 \Device\Harddisk0\DR0\Partition1 - ok
22:03:20.0399 3788 ============================================================
22:03:20.0399 3788 Scan finished
22:03:20.0399 3788 ============================================================
22:03:20.0417 0884 Detected object count: 2
22:03:20.0417 0884 Actual detected object count: 2
22:05:13.0967 0884 \Device\Harddisk0\DR0\# - copied to quarantine
22:05:13.0970 0884 \Device\Harddisk0\DR0 - copied to quarantine
22:05:14.0037 0884 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:05:14.0041 0884 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
22:05:14.0046 0884 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
22:05:14.0050 0884 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
22:05:14.0055 0884 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:05:14.0060 0884 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:05:18.0700 0884 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
22:05:19.0242 0884 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
22:05:19.0247 0884 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
22:05:19.0732 0884 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:05:20.0248 0884 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:05:20.0759 0884 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:05:21.0303 0884 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:05:21.0826 0884 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
22:05:21.0830 0884 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
22:05:21.0835 0884 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
22:05:21.0878 0884 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
22:05:21.0898 0884 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
22:05:21.0961 0884 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
22:05:22.0032 0884 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
22:05:22.0053 0884 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
22:05:22.0059 0884 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
22:05:22.0064 0884 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
22:05:22.0110 0884 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
22:05:22.0168 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:05:22.0176 0884 \Device\Harddisk0\DR0 - ok
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:05:48.0505 3452 Deinitialize success

#6
Essexboy

Re-run TDSSKiller and when you get this report select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

The items in the quick launch bar will need to be replaced manually.

The system files we will rehide once done. After the MBAM run, could you let me know what problems remain?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
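
The log reading behind the reply above, as an added example that is not part of the original posts: a small Python parser for TDSSKiller-style log lines that lists detections left on `Skip` or with no action chosen. The line format is inferred only from the log quoted in this thread, and the function names `triage` and `unresolved` are hypothetical.

```python
import re

# Excerpt of the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
22:03:20.0278 3788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:03:20.0336 3788 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:03:20.0372 3788 \Device\Harddisk0\DR0\Partition0 - ok
22:05:22.0168 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:05:23.0102 0884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed layout: "<time> <thread id> <object> ( <threat> ) - <status>"
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<threat>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
ACTION = re.compile(r"^User select action:\s*(?P<action>\w+)$")


def triage(log_text):
    """Return {(object, threat): {"verdict", "action", "notes"}} per detection."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # driver hash lines, "- ok" lines and banners carry no threat name
        entry = findings.setdefault(
            (m["obj"], m["threat"]),
            {"verdict": None, "action": None, "notes": []},
        )
        status = m["status"]
        act = ACTION.match(status)
        if act:
            entry["action"] = act["action"]   # the last recorded selection wins
        elif entry["verdict"] is None:
            entry["verdict"] = status         # first status seen is the scanner's verdict
        else:
            entry["notes"].append(status)     # e.g. "will be cured on reboot"
    return findings


def unresolved(log_text):
    """Detections that were skipped or never given an action; these need a re-run."""
    return sorted(
        f"{obj} ( {threat} )"
        for (obj, threat), e in triage(log_text).items()
        if e["action"] in (None, "Skip")
    )


if __name__ == "__main__":
    for item in unresolved(SAMPLE_LOG):
        print("still present:", item)
```
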

#7
Sirius Black

I reran the TDSSKiller program and it came back with no threats detected. I'm not sure if I was supposed to set it up like it was on the first scan, so I ran it as it's set up after the program loads.
I then ran the Malwarebytes program.
Here is the log.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hp :: HP-PC [administrator]

3/21/2012 10:22:00 PM
mbam-log-2012-03-21 (22-22-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195597
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
Essexboy

How is the computer behaving now?

To pin a programme to the taskbar - right click it and select pin to taskbar

#9
Sirius Black

The computer is running good again.
The fake "System Check" shortcut is gone and there are no further windows popping up warning of possible system problems.
I'm wondering how this virus got in in the first place.
I wasn't downloading anything, just viewing news articles when the browser shut down.
I'm also disappointed that my Eset Nod antivirus program didn't catch this before it infiltrated the system.
Any suggestions as to how to prevent this from happening again?
Thank you so much for all your help.

#10
Essexboy

You can be very easily infected by a hacked webpage - it is a very common way of doing drive-by downloads nowadays. Some info here

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.


We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#11
Sirius Black

I've run through all the steps that you've outlined for cleaning the remaining files from the system.
All hidden files are now hidden again but I do have one folder that remains on the desktop that popped up when running the initial scans with OTL and Malwarebytes.
It's a user file "SKYNET" and contains several folders including "App Data", "Desktop", "Contacts", "Downloads", "My Music", "My Documents" and a few more. It also contains several "ntuser.dat" files. I'm not sure what to do with this folder. Can I delete it from the desktop?

Other than that the computer is running great and I'm currently updating programs using the FileHippo update tool.

Thanks for all your help.

#12
Essexboy

You can delete that from the user accounts if it is a further user, if not then delete from the desktop

#13
Sirius Black

Everything is running smoothly.
Thanks so much for all your help and your speedy reply.
You guys are amazing!!

#14
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.