Malware/Rootkit/Redirect


  • This topic is locked

#1
MsChief

  • Member
  • 33 posts
Please Help!
I am constantly being redirected to Google image search or being told my page was not found. I have run anti-malware and antivirus programs and they do not seem to help.


#2
heir

  • Trusted Helper
  • Malware Removal
  • 5,427 posts
Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
MsChief

  • Topic Starter
  • Member
  • 33 posts
Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/15/2010 12:22:04 PM
mbam-log-2010-09-15 (12-22-04).txt

Scan type: Quick scan
Objects scanned: 134103
Time elapsed: 25 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I think this is what I saved the GMER log as but clients came in and now I'm not sure:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:19 PM, on 8/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Users\LawClerkTS\Downloads\rminstall registry mechanic.exe
C:\Users\LAWCLE~1\AppData\Local\Temp\is-BTJRK.tmp\rminstall registry mechanic.tmp
C:\Users\LawClerkTS\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=T3626
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=T3626
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [LMPDPSRV] C:\Windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\9\Config\ereg.ini"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.1.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11095 bytes

#4
MsChief

  • Topic Starter
  • Member
  • 33 posts
... and my boss just told me he stopped the GMER scan I had left running overnight, so I will be restarting it and posting that log soon... this is the OTL log:

OTL logfile created on: 9/15/2010 1:35:53 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\LawClerkTS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 298.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.09 Gb Total Space | 82.58 Gb Free Space | 59.37% Space Free | Partition Type: NTFS
Drive D: | 9.96 Gb Total Space | 3.95 Gb Free Space | 39.70% Space Free | Partition Type: NTFS
Drive E: | 19.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAWCLERKTS-PC
Current User Name: LawClerkTS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/15 13:33:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\LawClerkTS\Downloads\OTL.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/07 20:44:36 | 000,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/07/05 20:38:18 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/04/23 00:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/10 15:43:52 | 000,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2003/05/04 04:12:10 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2002/07/11 14:31:56 | 000,045,056 | ---- | M] (DeviceGuys) -- C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 13:33:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\LawClerkTS\Downloads\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/23 03:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/26 15:46:30 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/07/24 19:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=T3626
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/14 09:27:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LMPDPSRV] C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PPort9reminder] C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\LawClerkTS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{ba43ae1a-7963-11df-882a-001e906f7bc7}\Shell - "" = AutoRun
O33 - MountPoints2\{ba43ae1a-7963-11df-882a-001e906f7bc7}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 16:55:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/14 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Roaming\Malwarebytes
[2010/09/14 09:18:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/14 09:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/14 09:18:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/14 09:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/14 09:16:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/14 09:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT 09 13 2010
[2010/09/10 13:23:55 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Roaming\Avira
[2010/09/10 13:08:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/09/10 13:08:05 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/09/10 13:08:05 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/09/10 13:08:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/09/10 13:08:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/09/10 13:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/10 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/27 10:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/27 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
[2010/08/26 13:56:43 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\Documents\SClarke divorce
[2010/08/17 15:27:13 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\Desktop\Programs
[2010/08/16 10:35:16 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/08/13 14:23:02 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Roaming\Registry Mechanic
[2010/08/13 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/13 14:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/08/10 11:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/05 10:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/05 10:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 13:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/23 11:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/07/23 11:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/07/23 11:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/23 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/22 10:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/21 09:42:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/21 09:07:54 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Local\Sunbelt Software
[2010/07/21 09:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/07/02 10:04:48 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\Documents\My Beach Pics
[2010/06/30 13:49:44 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\copy of backup drive
[2009/02/06 10:37:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009/02/06 10:37:06 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009/02/06 10:37:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009/02/06 10:37:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/09/15 13:35:38 | 004,980,736 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat
[2010/09/15 12:56:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 12:56:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 11:13:28 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/09/15 02:28:59 | 000,524,288 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 02:28:59 | 000,065,536 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TM.blf
[2010/09/14 16:56:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/14 16:55:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/14 16:55:52 | 210,656,233 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/14 09:28:16 | 003,251,315 | -H-- | M] () -- C:\Users\LawClerkTS\AppData\Local\IconCache.db
[2010/09/14 09:18:39 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 09:16:17 | 000,000,792 | ---- | M] () -- C:\Users\LawClerkTS\Desktop\NTREGOPT.lnk
[2010/09/14 09:16:17 | 000,000,773 | ---- | M] () -- C:\Users\LawClerkTS\Desktop\ERUNT.lnk
[2010/09/13 14:04:16 | 000,000,162 | -H-- | M] () -- C:\Users\LawClerkTS\Documents\~$Master Return Address Envelope.doc
[2010/09/10 14:33:19 | 000,033,280 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder to Hartford.doc
[2010/09/10 14:21:16 | 000,033,280 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder American Funds.doc
[2010/09/10 14:08:23 | 000,036,352 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder BNY cover.doc
[2010/09/10 13:08:51 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/09 13:26:16 | 000,270,511 | ---- | M] () -- C:\Users\LawClerkTS\Documents\template subpeona deuces tecum.pdf
[2010/09/08 11:57:15 | 000,035,328 | ---- | M] () -- C:\Users\LawClerkTS\Documents\WPace est Application for Attorney Fees edited TLS.doc
[2010/09/08 11:07:37 | 000,031,744 | ---- | M] () -- C:\Users\LawClerkTS\Documents\mcclurkin cover accounting.doc
[2010/09/08 10:51:04 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/08 10:51:04 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/08 10:51:04 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/07 12:51:04 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/09/03 14:55:46 | 000,022,528 | ---- | M] () -- C:\Users\LawClerkTS\Documents\A Master Return Address Envelope.doc
[2010/09/02 14:15:41 | 000,013,156 | ---- | M] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
[2010/09/01 10:38:59 | 000,150,174 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Benson Deed.pdf
[2010/08/30 11:36:12 | 000,013,068 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Monday August 30 job report.docx
[2010/08/30 10:30:26 | 000,046,800 | ---- | M] () -- C:\Users\LawClerkTS\Documents\house bill 478.docx
[2010/08/26 10:02:09 | 000,309,098 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Benson 2010 accounting.pdf
[2010/08/25 11:04:24 | 000,011,608 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Wednesday August 25 job report.docx
[2010/08/19 09:19:21 | 000,300,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/17 10:57:40 | 000,028,160 | ---- | M] () -- C:\Users\LawClerkTS\Documents\CMoore contested C no kids TLS.doc
[2010/08/16 11:10:14 | 000,746,892 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/08/05 10:33:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/23 11:10:17 | 000,072,208 | ---- | M] () -- C:\Users\LawClerkTS\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 11:02:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/07/23 11:02:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/07/21 09:42:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/12 13:23:11 | 000,044,675 | ---- | M] () -- C:\Users\LawClerkTS\Documents\fax_email cover.rtf
[2010/07/09 12:53:58 | 000,012,941 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Speech 1000 2010 Class List.docx
[2010/06/23 11:06:00 | 000,001,356 | ---- | M] () -- C:\Users\LawClerkTS\AppData\Local\d3d9caps.dat
[2010/06/23 10:57:49 | 000,524,288 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/23 10:55:59 | 004,980,736 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat_previous
[2010/06/23 10:53:21 | 000,524,288 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{ea4ac344-27c1-11df-92f7-deab28d772e7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 10:53:21 | 000,065,536 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{ea4ac344-27c1-11df-92f7-deab28d772e7}.TM.blf

========== Files Created - No Company Name ==========

[2010/09/14 16:55:52 | 210,656,233 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/14 09:18:39 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 09:16:17 | 000,000,792 | ---- | C] () -- C:\Users\LawClerkTS\Desktop\NTREGOPT.lnk
[2010/09/14 09:16:17 | 000,000,773 | ---- | C] () -- C:\Users\LawClerkTS\Desktop\ERUNT.lnk
[2010/09/13 14:04:16 | 000,000,162 | -H-- | C] () -- C:\Users\LawClerkTS\Documents\~$Master Return Address Envelope.doc
[2010/09/10 14:33:17 | 000,033,280 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder to Hartford.doc
[2010/09/10 14:21:14 | 000,033,280 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder American Funds.doc
[2010/09/10 14:08:20 | 000,036,352 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder BNY cover.doc
[2010/09/10 13:08:50 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/09 13:26:16 | 000,270,511 | ---- | C] () -- C:\Users\LawClerkTS\Documents\template subpeona deuces tecum.pdf
[2010/09/08 11:57:14 | 000,035,328 | ---- | C] () -- C:\Users\LawClerkTS\Documents\WPace est Application for Attorney Fees edited TLS.doc
[2010/09/08 11:07:34 | 000,031,744 | ---- | C] () -- C:\Users\LawClerkTS\Documents\mcclurkin cover accounting.doc
[2010/09/03 14:55:44 | 000,022,528 | ---- | C] () -- C:\Users\LawClerkTS\Documents\A Master Return Address Envelope.doc
[2010/09/02 14:15:39 | 000,013,156 | ---- | C] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
[2010/09/01 10:38:59 | 000,150,174 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Benson Deed.pdf
[2010/08/30 11:36:00 | 000,013,068 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Monday August 30 job report.docx
[2010/08/30 10:30:23 | 000,046,800 | ---- | C] () -- C:\Users\LawClerkTS\Documents\house bill 478.docx
[2010/08/26 10:02:09 | 000,309,098 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Benson 2010 accounting.pdf
[2010/08/25 11:04:15 | 000,011,608 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Wednesday August 25 job report.docx
[2010/08/17 10:57:40 | 000,028,160 | ---- | C] () -- C:\Users\LawClerkTS\Documents\CMoore contested C no kids TLS.doc
[2010/08/16 11:03:28 | 000,746,892 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/07/23 11:02:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/07/23 11:02:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/07/23 10:42:07 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/23 10:42:07 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/23 10:42:07 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/12 13:23:03 | 000,044,675 | ---- | C] () -- C:\Users\LawClerkTS\Documents\fax_email cover.rtf
[2010/07/09 12:53:55 | 000,012,941 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Speech 1000 2010 Class List.docx
[2010/06/23 10:57:49 | 000,524,288 | -HS- | C] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/23 10:57:49 | 000,524,288 | -HS- | C] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 10:57:49 | 000,065,536 | -HS- | C] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TM.blf
[2010/03/18 16:52:48 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBZ2ABL.DLL
[2010/03/04 11:46:02 | 000,001,356 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Local\d3d9caps.dat
[2010/03/03 13:38:40 | 000,000,000 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\29b9dc40
[2009/09/18 10:41:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/02/06 10:37:09 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/01/23 13:01:57 | 000,000,220 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\wklnhst.dat
[2008/03/20 10:06:29 | 000,026,337 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/03/12 12:20:28 | 000,000,019 | ---- | C] () -- C:\Windows\vaLangChoice.ini
[2008/03/12 12:19:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
[2008/01/14 15:54:44 | 000,000,268 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\LMCPaper.dat
[2008/01/08 13:37:37 | 000,003,932 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\LMLayout.dat
[2008/01/07 11:08:16 | 000,022,016 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 14:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 10:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2008/05/02 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\7Wonders
[2009/06/02 10:26:12 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Anabel
[2009/10/15 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Artogon
[2009/08/27 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Aveyond 3
[2008/05/01 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Beep
[2008/04/22 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Big Fish Games
[2008/04/21 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Boomzap
[2010/03/30 13:42:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Camel101
[2008/03/14 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\CaribbeanHideaway
[2009/12/11 16:32:49 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/13 09:29:09 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\DataCast
[2008/02/26 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\DiVision Studios - Escaping Atlantis
[2009/10/13 13:17:58 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Dreamsdwell Stories
[2009/05/21 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\EnchantedCavern
[2009/05/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Fabulous Finds
[2009/02/09 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Flood Light Games
[2008/03/11 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\FloodLightGames
[2008/12/11 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2008/02/26 11:40:51 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\GAMEON
[2009/09/18 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Games
[2010/06/25 11:22:59 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\GlarySoft
[2009/06/15 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Gold Casual Games
[2009/11/16 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Hidden Island Data
[2008/01/28 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Home Sweet Home
[2009/09/22 13:38:19 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\ImperialCity
[2008/04/28 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\iWin
[2008/04/11 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\KewlBoxPrefs
[2008/07/03 11:28:34 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Leadertech
[2010/03/26 09:13:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\LimeWire
[2008/02/19 16:47:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Magic Academy
[2008/04/08 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\MagicStonesY
[2008/03/19 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Mind Control Software
[2009/06/23 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\My Games
[2008/05/29 12:52:32 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\MysteryStudio
[2009/09/28 10:10:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Oberonv1002
[2008/04/04 11:03:21 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pi Eye Games
[2008/03/14 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pirate Stories Kit Ellis
[2009/05/21 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\PlayFirst
[2010/06/08 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pogo Games
[2010/08/13 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Registry Mechanic
[2009/09/22 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Restorer
[2008/01/07 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\SampleView
[2008/03/06 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\ScanSoft
[2009/06/02 12:28:04 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\SecretIslandEng
[2010/09/15 11:15:24 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Spare Backup
[2009/12/09 13:31:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Template
[2008/03/11 12:28:35 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\TheScruffs
[2008/04/10 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\URSE Games
[2008/04/28 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Valusoft
[2008/05/07 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\VeniceMysteryData
[2008/04/24 15:02:24 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Wildfire
[2008/03/12 13:22:43 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\WildTangent
[2008/04/25 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Yatec Games
[2010/09/07 12:51:04 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2010/09/15 11:13:28 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/09/14 09:28:44 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/22 09:36:13 | 000,000,444 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 11:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2009/04/24 10:14:16 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/07/11 11:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/11 11:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/14 16:55:52 | 1251,749,888 | -HS- | M] () -- C:\pagefile.sys
[2010/03/05 12:58:59 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/09/03 18:51:14 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/09/03 18:44:54 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2007/09/03 19:46:43 | 000,000,080 | ---- | M] () -- C:\USBPatch.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-15 10:10:03

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2933FBFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D16E7091
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:949483BD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AA50F13
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:EEA9057A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E736CE6B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:CAA71687
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BA4AE5FC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3CF7E866
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFF24E88
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E94B3A80
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BCBC7E36
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A2AACBFA
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:95B8F7F6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8135A716
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7C8D7A39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3A70B627
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2ABEB9EB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:275B4CFC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:03B3646C
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D21BAD68
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BF02D1CD
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9DAC67BE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FC44F0E7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F4DE1EC6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E6EA2A3B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E06AC882
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A94C9389
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:11201333
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:EB603FE4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CEB4672B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C3486760
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B8CD2C07
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8A2AAEB5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:814402E6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1FBF7E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FE5F00D0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C213B3C4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9CD10922
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:82C50600
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6FA71CCF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6248E15F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4B9F47D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1B8B2AF8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E36991C0
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:AD85914A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:29468260
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:ED2ADD13
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9D57BC73
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:96AD618C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5A27D490
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:29B2472B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F65733F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E60C72DB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CD7CFE01
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:81ED9272
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:51E4E516
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:268F887D
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:8FBC80F9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:72784F8B
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6DCDF446
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:503A27F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E2CD81E1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A761C913
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:7C615D8C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:494C4968
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9F405A6B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:89123481
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:85B07A67
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D6BDE53F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C17FCA88
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:94D19DE1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:59BDDCD5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:3857ABB7
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2BE20CF3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:FF23A360
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:46545F5C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C8B57520
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A18FC5E4
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:7478C5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:50EC82D2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:29187573
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BBAFC89E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BA41EC1A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7B60301F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:693E8A55
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:7025E8E7
< End of report >


OTL Extras.txt Log:

OTL Extras logfile created on: 9/15/2010 1:35:53 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\LawClerkTS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 298.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.09 Gb Total Space | 82.58 Gb Free Space | 59.37% Space Free | Partition Type: NTFS
Drive D: | 9.96 Gb Total Space | 3.95 Gb Free Space | 39.70% Space Free | Partition Type: NTFS
Drive E: | 19.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAWCLERKTS-PC
Current User Name: LawClerkTS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07922F4F-9516-4F3D-8BD5-9A220D47653E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B4C4644-C2E7-415F-A403-9708D5EDAF87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D647E71-7794-49E3-A52D-4BF2DA03551C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B89428-658B-4B91-A2CF-E2DEA92C3D7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D1D6A08-F7B6-434A-98AE-E8DBBDC2421B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4621A846-C373-4472-B9C6-774F5F759407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B2CAA6C-982A-49F9-8BF2-F96E3E002BB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F95D4C9-EC20-46A0-9C20-67A2F0FAA021}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6376A17E-3848-4CAA-88BE-FA10C147BBFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A185D53-3480-437B-95D0-8E5B0F1CD60A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F4DD3C8-2F7A-4A43-BEC9-F65599862D75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7CAC5622-E9AA-4296-9BBF-12A812196178}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1B677DA-EE11-42BF-ADD3-E0C0CE156AD9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A3E4377A-B8D2-45D7-A4F1-4C4BAF5650B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAE501A8-8516-4488-988A-5752BA03F6A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4F804F7-F95A-491D-B28C-6835C747F635}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BADCF40D-D311-47EE-B6BE-3442444A517B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C25F20-E294-4BF2-96D4-5D53AFCE4098}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{1B6A9D21-D54D-4CFF-9FDB-2702449CF0D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2AE18931-C1C6-44A0-A608-A827023508B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C34487F-ACED-4600-A6A1-91A5D7E522F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AC4E06C-1074-4091-AF00-ABDCF7576033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44A103F1-1B02-4A58-AAC4-688037175D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CFA92D9-D332-458D-96AF-18A1C467593C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{521578ED-E8EF-4E22-A3BA-140EF0E61654}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55A271F2-F701-4117-B731-7C482144C834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65795B9B-90FC-4001-8BB8-BC42A0A7AF84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A770F91-F421-4D72-BB2F-919A842F85C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{737BBF31-CFA0-44E5-9CD9-9CD1E715E1FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{816A6735-E824-41A8-A12B-EB82770728A1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{85AB9674-0F3F-453E-B7D1-2B90032C969D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8681DA8E-4686-47DE-A593-6EBEC82E1436}" = protocol=6 | dir=out | app=system |
"{8F3AF725-8839-4904-9ACC-69E9B5357618}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{96745441-28B4-4B59-91AF-7B2FA367D5BB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9E540604-A4C3-4F2C-9206-86368E5285F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2DFF567-F3C9-47A4-AA00-916427673859}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A5D987F3-884A-437D-B45D-A79CF3B06251}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A64D15D9-2BE0-4065-9808-1D88F32B4E11}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C787A23E-A312-41D9-ADFF-9D71402C0289}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E27F060C-0216-417E-A970-39E58CF6381B}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{E9D8D8D9-6993-4E91-96D6-101FF696C9E9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FAFFA768-96C5-4D62-ADEB-EFE3CBAE0DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0FAC82-1F03-45A6-88A4-61084A87B19F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD087663-6FE5-4806-98EB-6724E04AFDDB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{D3D52A6D-5153-495F-823A-6DC9AEFE67B6}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
"UDP Query User{DDF50B58-F80E-454C-AEAE-A8A861D74B60}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F5B2E96-C322-4CFC-9254-52AEAA5F3C6A}" = SkyMotion
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{629122EC-B318-47AB-8ECB-22AAD6A82DF3}" = WBOPF5
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A724058-2D43-11D6-AD5B-00105AE20051}" = ViewAhead Photo Center
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869E7242-3E57-4245-8E09-68470BFEF638}" = Cuyahoga
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3DACDE8-CF4A-4B21-9511-77E2918D10A5}" = WOGF4
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A5BA40DB-829E-4931-AE2A-7AD373D3CBCB}" = WOGF3
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE98067 98756 and 98046 MiniCam Pro
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDCE9C15-EB45-11D5-89C7-0050DA162A25}" = PaperPort 9.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMachines Game Console" = eMachines Game Console
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Utilities_is1" = Glary Utilities 2.26.0.956
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
"WT023901" = Penguins!
"WT023949" = Polar Bowler
"WT023955" = Polar Golfer
"Zynga Toolbar" = Zynga Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2010 12:36:42 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4/22/2010 12:37:16 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:37:16 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:37:16 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4/22/2010 12:37:49 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:37:49 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:37:49 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4/22/2010 12:38:22 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:38:22 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/22/2010 12:38:22 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

[ Media Center Events ]
Error - 4/16/2008 1:06:20 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 12:23:35 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/9/2009 12:36:23 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/11/2009 4:27:28 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/11/2009 6:26:29 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/15/2010 6:02:40 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:04:54 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:05:24 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:07:06 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:07:36 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:08:06 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:08:36 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:09:06 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:09:37 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/15/2010 6:10:45 AM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#5
MsChief

I restarted the GMER scan and my computer shut down... when it restarted I got this message:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: BE802018
BCP2: 00000000
BCP3: BE214CF8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini091510-01.dmp
C:\Users\LawClerkTS\AppData\Local\Temp\WER-57625-0.sysdata.xml
C:\Users\LawClerkTS\AppData\Local\Temp\WER1870.tmp.version.txt

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409


Is this because my boss shut GMER down previously?

#6
heir

Hello MsChief!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.

Let's use another tool.

Step 1.
RKU:

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#7
MsChief

UnHook report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
0x06EB0000 Hidden Image-->Microsoft.Web.Services2.dll [ EPROCESS 0x9D0E4020 ] PID: 3092, 716800 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#8
heir

Step 1.
TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#9
MsChief

2010/09/16 10:05:20.0920 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 10:05:20.0920 ================================================================================
2010/09/16 10:05:20.0920 SystemInfo:
2010/09/16 10:05:20.0920
2010/09/16 10:05:20.0920 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/16 10:05:20.0921 Product type: Workstation
2010/09/16 10:05:20.0921 ComputerName: LAWCLERKTS-PC
2010/09/16 10:05:20.0921 UserName: LawClerkTS
2010/09/16 10:05:20.0921 Windows directory: C:\Windows
2010/09/16 10:05:20.0921 System windows directory: C:\Windows
2010/09/16 10:05:20.0921 Processor architecture: Intel x86
2010/09/16 10:05:20.0921 Number of processors: 1
2010/09/16 10:05:20.0921 Page size: 0x1000
2010/09/16 10:05:20.0921 Boot type: Normal boot
2010/09/16 10:05:20.0921 ================================================================================
2010/09/16 10:05:21.0874 Initialize success
2010/09/16 10:05:58.0037 ================================================================================
2010/09/16 10:05:58.0037 Scan started
2010/09/16 10:05:58.0037 Mode: Manual;
2010/09/16 10:05:58.0038 ================================================================================
2010/09/16 10:06:07.0435 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/16 10:06:07.0476 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/16 10:06:07.0515 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/16 10:06:07.0549 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/16 10:06:07.0594 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/16 10:06:07.0680 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/16 10:06:07.0736 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/16 10:06:07.0800 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/16 10:06:07.0833 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/16 10:06:07.0887 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/16 10:06:07.0927 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/09/16 10:06:07.0975 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/16 10:06:08.0013 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/16 10:06:08.0206 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
2010/09/16 10:06:08.0306 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/16 10:06:08.0351 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/09/16 10:06:08.0385 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/16 10:06:08.0499 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/09/16 10:06:08.0563 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/16 10:06:08.0596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/09/16 10:06:08.0851 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/16 10:06:09.0034 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/09/16 10:06:09.0056 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/09/16 10:06:09.0092 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/09/16 10:06:09.0131 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/09/16 10:06:09.0199 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/16 10:06:09.0250 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/09/16 10:06:09.0281 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/09/16 10:06:09.0303 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/16 10:06:09.0411 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/09/16 10:06:09.0472 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/09/16 10:06:09.0507 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/16 10:06:09.0547 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/16 10:06:09.0660 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/16 10:06:09.0680 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/09/16 10:06:09.0762 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/16 10:06:09.0837 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/09/16 10:06:09.0904 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/16 10:06:09.0937 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/16 10:06:09.0977 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/16 10:06:10.0060 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/16 10:06:10.0100 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/16 10:06:10.0132 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/16 10:06:10.0170 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/16 10:06:10.0223 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/16 10:06:10.0258 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/09/16 10:06:10.0269 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/16 10:06:10.0311 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/16 10:06:10.0357 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/16 10:06:10.0403 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2010/09/16 10:06:10.0468 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/16 10:06:10.0500 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/16 10:06:10.0537 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/16 10:06:10.0595 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\Windows\system32\DRIVERS\ser2pl.sys
2010/09/16 10:06:10.0634 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/16 10:06:10.0679 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/09/16 10:06:10.0712 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/16 10:06:10.0766 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/09/16 10:06:10.0802 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/16 10:06:10.0849 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/16 10:06:10.0898 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/16 10:06:10.0922 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/09/16 10:06:10.0945 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/09/16 10:06:10.0967 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/09/16 10:06:11.0009 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/16 10:06:11.0290 SNPSTD3 (a37e84eb12c39d36eddeb7966429e75f) C:\Windows\system32\DRIVERS\snpstd3.sys
2010/09/16 10:06:11.0576 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/16 10:06:11.0639 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/16 10:06:11.0685 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/16 10:06:11.0737 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/16 10:06:11.0770 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/09/16 10:06:11.0819 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/16 10:06:11.0857 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/16 10:06:11.0900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/16 10:06:12.0028 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/16 10:06:12.0115 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/16 10:06:12.0198 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/16 10:06:12.0231 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/16 10:06:12.0267 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/16 10:06:12.0317 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/16 10:06:12.0377 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/16 10:06:12.0540 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/16 10:06:12.0585 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/16 10:06:12.0610 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/16 10:06:12.0629 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/16 10:06:12.0678 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/09/16 10:06:12.0738 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/16 10:06:12.0786 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/16 10:06:12.0830 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/09/16 10:06:12.0869 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/16 10:06:12.0893 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/16 10:06:12.0929 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/16 10:06:12.0967 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/09/16 10:06:13.0020 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/16 10:06:13.0068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/16 10:06:13.0115 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/16 10:06:13.0153 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/16 10:06:13.0176 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/16 10:06:13.0211 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/16 10:06:13.0252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/16 10:06:13.0285 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/16 10:06:13.0330 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/16 10:06:13.0378 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/16 10:06:13.0436 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/09/16 10:06:13.0472 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/09/16 10:06:13.0501 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/09/16 10:06:13.0545 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/16 10:06:13.0597 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/09/16 10:06:13.0641 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/16 10:06:13.0681 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/09/16 10:06:13.0775 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/16 10:06:13.0832 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 10:06:13.0843 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 10:06:13.0896 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/09/16 10:06:13.0948 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/16 10:06:14.0013 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/16 10:06:14.0139 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/09/16 10:06:14.0183 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/09/16 10:06:14.0237 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/16 10:06:14.0291 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/16 10:06:14.0426 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/16 10:06:14.0494 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/16 10:06:14.0513 ================================================================================
2010/09/16 10:06:14.0513 Scan finished
2010/09/16 10:06:14.0513 ================================================================================
2010/09/16 10:06:39.0534 ================================================================================
2010/09/16 10:06:39.0534 Scan started
2010/09/16 10:06:39.0534 Mode: Manual;
2010/09/16 10:06:39.0534 ================================================================================
2010/09/16 10:06:57.0013 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/09/16 10:06:57.0078 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/09/16 10:06:57.0169 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/16 10:06:57.0508 SNPSTD3 (a37e84eb12c39d36eddeb7966429e75f) C:\Windows\system32\DRIVERS\snpstd3.sys
2010/09/16 10:06:57.0811 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/16 10:06:57.0882 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/16 10:06:57.0988 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/16 10:06:58.0039 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/16 10:06:58.0138 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/09/16 10:06:58.0222 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/16 10:06:58.0309 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/16 10:06:58.0410 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/16 10:06:58.0462 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/16 10:06:58.0691 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/16 10:06:58.0766 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/16 10:06:58.0826 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/16 10:06:58.0902 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/16 10:06:58.0968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/16 10:06:59.0045 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/16 10:06:59.0100 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/16 10:06:59.0239 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/16 10:06:59.0303 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/16 10:06:59.0373 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/16 10:06:59.0440 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/09/16 10:06:59.0506 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/16 10:06:59.0637 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/16 10:06:59.0689 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/09/16 10:06:59.0737 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/16 10:06:59.0828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/16 10:06:59.0880 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/16 10:06:59.0994 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/09/16 10:07:00.0072 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/16 10:07:00.0177 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/16 10:07:00.0233 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/16 10:07:00.0304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/16 10:07:00.0361 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/16 10:07:00.0438 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/16 10:07:00.0532 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/16 10:07:00.0603 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/16 10:07:00.0673 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/16 10:07:00.0754 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/16 10:07:00.0812 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/09/16 10:07:00.0915 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/09/16 10:07:01.0017 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/09/16 10:07:01.0089 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/16 10:07:01.0164 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/09/16 10:07:01.0215 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/16 10:07:01.0282 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/09/16 10:07:01.0401 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/16 10:07:01.0467 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 10:07:01.0509 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 10:07:01.0647 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/09/16 10:07:01.0715 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/16 10:07:01.0889 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/16 10:07:02.0024 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/09/16 10:07:02.0125 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/09/16 10:07:02.0253 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/16 10:07:02.0331 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/16 10:07:02.0465 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/16 10:07:02.0537 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/16 10:07:02.0630 ================================================================================
2010/09/16 10:07:02.0630 Scan finished
2010/09/16 10:07:02.0630 ================================================================================
  • 0

#10
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's try and get a log from GMER. We'll do it a bit differently here.

Download GMER from Here. Note the file's name and save it to your desktop. (it's randomly named.)

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.

  • Double click file
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



If it fails then please run it again with only Sections and c:\ ticked

Please copy and paste the report into your Post.
  • 0


#11
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-16 10:53:35
Windows 6.0.6002 Service Pack 2
Running: pyon4sge(GMER).exe; Driver: C:\Users\LAWCLE~1\AppData\Local\Temp\fwlorfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B406340, 0x3DB197, 0xE8000020]

---- EOF - GMER 1.0.15 ----


This is the GMER scan report with only SECTIONS and C DRIVE. The first scan done according to the removal guide turns my screen blue then says it encountered a problem but before I can look up at the screen the computer shuts down.
  • 0

#12
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Thanks!

Are you still getting redirected?
  • 0

#13
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Yes I am still being redirected...
  • 0

#14
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
It is not redirecting me as often as it had been. I have been online for about 5 minutes and only once been redirected. It was about once per minute...
  • 0

#15
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's use these tools.

Step 1.
RootRepeal:

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Step 2.
MBRCheck:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of rootrepeal.txt from step 1.
  • The content of the report from MBRCheck in step 2.

  • 0





