csrss.exe could not load


  • This topic is locked
29 replies to this topic

#1 fastback


Posted 25 July 2011 - 01:31 AM

I recently ran a virus scan using SuperAntiSpyware and Malwarebytes to remove spyware/trojans off of my computer after having a redirect virus (as in all websites would go to some fake page with "Your computer is at risk! Buy this now!" scam). I initially couldn't run any scan from my main log on. I had to go to another log on to scan the pc. And after all that SuperAntiSpyware would run for awhile then stops/hangs.

However when I turn on my desktop, I'm greeted with the following message:

"Could not load or run 'C:\users\daustin\Appdata\local\temp\csrss.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."

I also get window prompts:

RunDLL

Error loading C:\Users\daustin\AppData\Local\eyeboqud.dll The specified module could not be found.


I also scanned my pc with ESET Online scanner.
I know that the "good" csrss.exe isn't located in that location, but I don't want to just jump in and change my registry without knowing what I'm doing, any help?

My pc:

Windows Vista Home Premium
Service Pack 2
Processor: Intel Core Quad CPU Q6600 @2.40GHz 2.39GHz
Memory(RAM) 4.00 GB
System type: 32-bit Operating System

Edited by fastback, 25 July 2011 - 01:47 AM.




#2 gringo_pr


Posted 03 August 2011 - 08:18 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 07 August 2011 - 02:36 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 10 August 2011 - 01:25 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr


Posted 10 August 2011 - 10:28 PM

This topic has been re-opened at the request of the person who originally posted.

#6 fastback


Posted 11 August 2011 - 10:55 PM

Okay, I ran Malwarebytes Anti-Malware and it found 15 objects; however, after running for some 6 hours plus, upon completing the scan I noticed McAfee Security Center had been updating. Upon McAfee's update completion prompt the pc did the blue screen crash/shutdown and restart. I'm not sure if Malwarebytes removed anything. Upon reboot all my programs would not respond. When I clicked on them I received a prompt stating to find the associated program to run this file. This happened no matter what file I tried to run, Firefox, IE, anything. So I did a search for the problem on my laptop and downloaded "exefix_vista" to fix that problem. Next I ran a new scan with ESET online scanner and it found a few problems. All this was done from my desktop pc from my daily/main user profile (daustin) located on this pc. I usually don't use this user profile (wiltthestilt) only the one that I'm sending you the DDS and RKUnhooker report from (daustin). The (daustin) profile would not allow Firefox nor IE to run and continued to get a fake scanner trying to run. I don't know if this is any help to you but I thought I'd let you know.

THE REPORTS

An error has occurred. Please report this error code to our support team.

MBAM_ERROR_NOT_REGISTERED (0, 0)


DDS LOGS

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by daustin at 19:33:57 on 2011-08-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1583 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\ASTSRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\NlsData001a32.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\ProgramData\asycfilt32.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k terlfsc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system\svchost.exe -k NetworkService
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://att.my.yahoo.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
uInternet Settings,ProxyServer = http=127.0.0.1:62242
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
uWinlogon: Shell=explorer.exe,c:\users\daustin\appdata\roaming\dwm.exe
uWindows: Load=c:\users\daustin\appdata\local\temp\csrss.exe
BHO: {01915875-86ee-4723-b9ae-8416bb279270} - c:\windows\system32\asycfilt32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Videoraptor_WebRipPlugin Class: {3c0372c2-04c3-4100-bab1-1d42c552bc48} - c:\program files\rapidsolution\rs audials one\videoraptor\plugins\ie\VR_WebRipIePlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: simppulltoolbar: {5806fa2d-e338-4a24-a20c-5da56ba3b2ad} - c:\program files\simppulltoolbar\w3itemplateX.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110509225246.dll
BHO: incrediads browser module: {8fae9b9f-8671-bbc5-37fa-da1f832ff016} - c:\users\daustin\appdata\local\temp\nsrE00A.tmp.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - Ask Search Assistant BHO
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Browser Address Error Redirector: {ca6319c0-31b7-401e-a518-a07c3db8f777} - CBrowserHelperObject Object
BHO: Facetheme: {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - c:\program files\object\bho_project.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: simppulltoolbar: {5806fa2d-e338-4a24-a20c-5da56ba3b2ad} - c:\program files\simppulltoolbar\w3itemplateX.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [P2kAutostart]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Security Protection] c:\programdata\defender.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [haqeesttjmbkz] c:\windows\system32\regsvr32.exe /s "c:\users\daustin\appdata\local\temp\nsrE00A.tmp.dll"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: live.com\onecare
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{326B3377-03A7-427A-B233-C807E20317E9} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\programdata\asycfilt32.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe
mASetup: Nitro PDF Professional - cscript //B "c:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daustin\appdata\roaming\mozilla\firefox\profiles\hdhbmx84.default user1\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/|http://us.mg201.mail.yahoo.com/dc/launch?rand=539263558|https://www.bankofamerica.com/homepage/overview.go?page_msg=signoff&body=signoff|http://www.google.com/ig?refresh=1&aig=0&reason=1|https://www.mysuperbuild.com/Login.aspx?ReturnUrl=%2fDashboard.aspx|http://www.demonoid.me/|https://sites.google.com/site/daustin3244/|https://www.google.com/analytics/reporting/dashboard?id=47721902&pdr=20110613-20110713&cmp=average&trows=10&gdfmt=nth_day&esig=0#lts=1310704924998
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\daustin\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\daustin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 42141b8b-08b4-4382-946d-edaf76c8dd80
.
============= SERVICES / DRIVERS ===============
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2010-5-17 10368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-1 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-5 387480]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-18 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-12 218592]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-8-13 89728]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2008-3-26 139800]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-21 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-21 165032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2010-5-17 154368]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2010-9-6 2077072]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-7 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-17 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-9 88176]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-21 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-21 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-21 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-21 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-21 141792]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsData001a32.exe [2011-8-10 656896]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-31 68928]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-26 2214504]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-12-28 23200]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-9-29 14976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 TermServices;Remote Desktop Services;c:\windows\system32\svchost.exe -k terlfsc [2008-12-7 21504]
R3 AV88BASE;Cx2388x Base Driver;c:\windows\system32\drivers\av88base.sys [2008-12-5 423936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-21 56064]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-4-8 38608]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-12-5 5504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-17 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-5 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-5 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-21 314088]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-10-26 27168]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-5-29 386560]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-5-29 20992]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-5-29 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-1-7 44416]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-11 10976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-1-18 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-21 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-5 40552]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-10-26 27168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-2-1 87336]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-5 29744]
S4 gupdate1c979e8d13ed718;Google Update Service (gupdate1c979e8d13ed718);c:\program files\google\update\GoogleUpdate.exe [2009-1-18 133104]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
S4 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-3-3 91392]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-7 1153368]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-12 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-12 1142224]
S4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
.
=============== Created Last 30 ================
.
2011-08-11 18:02:19 331776 ----a-w- c:\windows\system32\asycfilt32.dll
2011-08-11 16:29:35 7680 ----a-w- c:\windows\system\svchost.exe
2011-08-11 16:25:33 135168 ----a-w- c:\programdata\asycfilt32.dll
2011-08-11 14:47:27 -------- d-----w- c:\program files\Object
2011-08-11 14:41:42 218624 ----a-w- c:\windows\system32\teldsw32.dll
2011-08-11 10:03:04 -------- d-----w- C:\7e89ffc231e636955c99fc5509a9f7
2011-08-11 00:07:58 -------- d-----w- C:\Adobe
2011-08-10 20:28:52 39558 ----a-w- c:\windows\system32\pjvoqpkzykpauo.exe
2011-08-10 20:28:41 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-10 20:28:39 -------- d-----w- c:\programdata\Tarma Installer
2011-08-10 20:24:10 656896 ----a-w- c:\programdata\asycfilt32.exe
2011-08-10 20:24:07 656896 ----a-w- c:\windows\system32\NlsData001a32.exe
2011-08-10 11:22:54 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 11:22:48 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:22:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 11:21:50 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 11:21:49 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 11:21:42 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-01 15:13:28 -------- d-----w- c:\program files\File Type Assistant
2011-08-01 15:13:05 -------- d-----w- c:\program files\simppulltoolbar
2011-07-24 06:34:45 -------- d-----w- c:\program files\ESET
2011-07-23 17:33:21 -------- d-----w- c:\users\daustin\appdata\local\{69BEDBB0-B06C-49B7-9763-6FCDDC75257E}
2011-07-14 20:33:21 -------- d-----w- c:\users\daustin\appdata\local\{F6701D1A-E9F5-4950-90CD-23FF720374A6}
2011-07-14 01:18:19 163184 ----a-w- c:\windows\DUMPe147.tmp
2011-07-14 01:18:19 163184 ----a-w- c:\windows\DUMPdd9e.tmp
2011-07-13 15:25:41 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 15:25:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
==================== Find3M ====================
.
2011-08-10 16:41:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 14:44:01 208 ----a-w- c:\users\daustin\appdata\roaming\msregsvv.dll
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 07:32:04 701952 ----a-w- c:\windows\system32\rnnblacgwofstv.dll
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:38:39.81 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2008 11:12:10 PM
System Uptime: 8/11/2011 6:39:59 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG965OT
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1360 GiB total, 725.875 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 32.875 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is Removable
K: is FIXED (NTFS) - 466 GiB total, 100.538 GiB free.
L: is FIXED (FAT32) - 0 GiB total, 0 GiB free.
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
2009 National Painting Cost Estimator Trial
2010 National Painting Cost Estimator
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.2
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Aiseesoft Blu-ray Ripper
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia 3
ArcSoft TotalMedia Extreme
ArcSoft TotalMedia Theatre 3
ARP2600 V2 2.0
ARTS PDF Workshop 3.0
AT&T Yahoo! Messenger
ATI Catalyst Install Manager
Audials TV
Authorizer 1.0.3
Authorizer Ignition Key Support
Back2Life 2.7
Bejeweled 2 Deluxe
Big Fish Audio First Call Horns
BigFix
Blackhawk Striker 2
Bonjour
Brass 2.0.5
Browser Address Error Redirector
Bryce 2
CA Yahoo! Anti-Spy (remove only)
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center InstallProxy
CCleaner
Chinese Traditional Fonts Support For Adobe Reader 8
CodeMeter Runtime Kit v4.01
CoffeeCup Free HTML Editor
CoffeeCup HTML Editor
CompuApps SwissKnife V3
Conduit Engine
Connect
CS-80V2 2.0
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD
CyberLink PowerProducer
CyberLink UDF Reader 5.0
Data Lifeguard Tools
DesignCAD 3D Max 19
DesignCAD Express
DesignCAD File Viewer
DesignPro 5.4 Limited Edition
DHTML Editing Component
Digital Media Reader
Diner Dash
Disc2Phone
Diskeeper 2011 Home
DolbyFiles
DriverBoost
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DWGSee DWG Viewer
Easy CAD Viewer 2.6
eLicenser Control
ESET Online Scanner v3
Facetheme
Family Feud 2
FATE
File Type Assistant
Flickr Uploadr 3.2.1
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Google Desktop
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IK Multimedia Authorization Manager version 1.0.3
ImagXpress
Instant CAD Symbols
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
iTunes
Java Auto Updater
Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1
Jupiter-8V2 2.0
kuler
KWorld PCI ATSC Driver
LG Tool Kit
LightScribe System Software
LightScribe Template Labeler
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LP Recorder
LP Ripper
Magic DVD Copier Version 5.0.0
Magic DVD Ripper V5.4
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware version 1.51.1.1800
Master Uneraser
McAfee Security Scan Plus
McAfee SecurityCenter
MCE Software Encoder 1.1
Mediaraptor
Memorex exPressit Label Design Studio
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
minimoog V2 2.0
MobileMe Control Panel
Moog Modular V 2.5
Motorola Driver Installation 4.5.0
MOTOROLA MEDIA LINK
Movie Templates - Starter Kit
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Nero 8
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
Netflix in Windows Media Center
Nitro PDF Professional
Norton Ghost
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.3.5
NVIDIA Update Components
OGA Notifier 2.0.0048.0
OneTouch Version 2.2
Panda ActiveScan 2.0
PDF Settings CS4
Penguins!
Performance Maximizer Incrediads.
Photoshop Camera Raw
Picasa 3
PixiePack Codec Pack
Polar Bowler
Polar Golfer
Prophet-V2 2.0
PVSonyDll
QuickBooks
QuickBooks Simple Start 2009
QuickTime
Radiotracker
Reason 5.0
Record 1.5.1
Record Ignition Key Support
ReCycle 2.1.2
ReFill Packer 4.0.1
Registry Mechanic 8.0
Rhapsody
RS Audials One 2.1.35705.500
S450
Safari
Seagate DiscWizard
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sibelius Scorch (ActiveX Only)
SigmaTel Audio
Simppull Toolbar
SmartSound Quicktracks Plugin
Soft Data Fax Modem with SmartCP
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
SoundTrax
Spare Backup
Spare Backup Open File Manager (remove only)
Spybot - Search & Destroy
Spyware Doctor 7.0
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Suite Shared Configuration CS4
SUPERAntiSpyware
SupportSoft Assisted Service
System Requirements Lab
T-RackS 3 Black 76 version 3.5.1
T-RackS 3 Deluxe version 3.5.1
T-RackS 3 White 2A version 3.5.1
Tagrunner
The National Estimator
The Worksite CD - Summer 2004 Edition
TM Control
Tradewinds
Tunebite
TURBOFloorPlan3D Home & Landscape PRO
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update Service
US-122 MKII / US-144 MKII
uTorrentBar Toolbar
Videoraptor
ViewSonic Monitor Drivers
Virtual Villagers - A New Home
Visioneer PaperPort 6.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Wave Corrector DeClick version 1.1
Windows Driver Package - TiVo (tivoir) USB (08/15/2008 1.0.1.0)
Windows Driver Package - TiVo USB (10/15/2008 1.0.1.0)
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows Media 8 Encoding Utility
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR 4.01 (32-bit)
WinZip 14.5
XnView 1.97.8
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
8/9/2011 5:57:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.71 for the Network Card with network address 001CC03B937A has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
8/9/2011 3:53:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
8/9/2011 3:53:03 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2011 7:50:32 PM, Error: Service Control Manager [7034] - The McAfee Security Scan Component Host Service service terminated unexpectedly. It has done this 1 time(s).
8/11/2011 9:35:44 AM, Error: EventLog [6008] - The previous system shutdown at 9:33:10 AM on 8/11/2011 was unexpected.
8/11/2011 7:41:43 AM, Error: Service Control Manager [7030] - The Remote Desktop Services service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/11/2011 6:41:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
8/11/2011 6:41:59 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
8/11/2011 6:41:05 PM, Error: EventLog [6008] - The previous system shutdown at 6:38:54 PM on 8/11/2011 was unexpected.
8/11/2011 6:41:00 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/11/2011 6:30:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
8/11/2011 6:27:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/11/2011 6:22:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/11/2011 6:22:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
8/11/2011 6:22:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/11/2011 6:19:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp Cdr4_xp FAMv4 pavboot SASDIFSV SASKUTIL spldr Wanarpv6
8/11/2011 6:18:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/11/2011 6:18:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/11/2011 6:18:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/11/2011 6:18:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2011 6:18:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
8/11/2011 6:18:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/11/2011 6:17:23 AM, Error: EventLog [6008] - The previous system shutdown at 6:14:27 AM on 8/11/2011 was unexpected.
8/11/2011 6:08:31 AM, Error: EventLog [6008] - The previous system shutdown at 6:06:29 AM on 8/11/2011 was unexpected.
8/11/2011 6:02:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
8/11/2011 6:02:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}
8/11/2011 6:00:47 AM, Error: EventLog [6008] - The previous system shutdown at 5:57:52 AM on 8/11/2011 was unexpected.
8/11/2011 5:52:56 AM, Error: EventLog [6008] - The previous system shutdown at 5:50:01 AM on 8/11/2011 was unexpected.
8/11/2011 5:45:05 AM, Error: EventLog [6008] - The previous system shutdown at 5:42:43 AM on 8/11/2011 was unexpected.
8/11/2011 5:35:01 AM, Error: EventLog [6008] - The previous system shutdown at 5:32:40 AM on 8/11/2011 was unexpected.
8/11/2011 5:24:58 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:53 AM on 8/11/2011 was unexpected.
8/11/2011 5:14:57 AM, Error: EventLog [6008] - The previous system shutdown at 5:12:49 AM on 8/11/2011 was unexpected.
8/11/2011 5:04:52 AM, Error: EventLog [6008] - The previous system shutdown at 5:01:49 AM on 8/11/2011 was unexpected.
8/11/2011 4:54:53 AM, Error: EventLog [6008] - The previous system shutdown at 4:51:48 AM on 8/11/2011 was unexpected.
8/11/2011 4:44:52 AM, Error: EventLog [6008] - The previous system shutdown at 4:41:46 AM on 8/11/2011 was unexpected.
8/11/2011 4:34:51 AM, Error: EventLog [6008] - The previous system shutdown at 4:31:45 AM on 8/11/2011 was unexpected.
8/11/2011 4:24:49 AM, Error: EventLog [6008] - The previous system shutdown at 4:22:40 AM on 8/11/2011 was unexpected.
8/11/2011 4:16:33 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp officejet 6100 series (Copy 1) with shared resource name hp officejet 6100 series (Copy 1). Error 2114. The printer cannot be used by others on the network.
8/11/2011 4:14:44 AM, Error: EventLog [6008] - The previous system shutdown at 4:12:19 AM on 8/11/2011 was unexpected.
8/11/2011 4:04:37 AM, Error: EventLog [6008] - The previous system shutdown at 4:02:23 AM on 8/11/2011 was unexpected.
8/11/2011 3:54:27 AM, Error: EventLog [6008] - The previous system shutdown at 3:50:57 AM on 8/11/2011 was unexpected.
8/11/2011 3:44:50 AM, Error: EventLog [6008] - The previous system shutdown at 3:39:14 AM on 8/11/2011 was unexpected.
8/11/2011 3:35:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
8/11/2011 3:29:21 AM, Error: EventLog [6008] - The previous system shutdown at 3:23:35 AM on 8/11/2011 was unexpected.
8/10/2011 9:17:21 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/10/2011 5:36:56 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
8/10/2011 4:06:57 PM, Error: EventLog [6008] - The previous system shutdown at 4:04:20 PM on 8/10/2011 was unexpected.
8/10/2011 11:31:17 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
8/10/2011 11:14:27 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
8/10/2011 11:11:26 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2011 11:08:49 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2011 11:07:48 PM, Error: EventLog [6008] - The previous system shutdown at 11:05:14 PM on 8/10/2011 was unexpected.
8/10/2011 10:44:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp Cdr4_xp DfsC FAMv4 mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:44:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2011 10:43:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/10/2011 10:43:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/10/2011 10:43:03 PM, Error: EventLog [6008] - The previous system shutdown at 10:41:04 PM on 8/10/2011 was unexpected.
8/10/2011 10:26:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:24:13 PM on 8/10/2011 was unexpected.
8/10/2011 1:32:21 PM, Error: EventLog [6008] - The previous system shutdown at 1:30:40 PM on 8/10/2011 was unexpected.
8/10/2011 1:16:52 PM, Error: Service Control Manager [7034] - The Intel® Alert Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x94203000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10670080 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0x8484A000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8484A000 PnpManager 3907584 bytes
0x8484A000 RAW 3907584 bytes
0x8484A000 WMIxWDM 3907584 bytes
0x81610000 Win32k 2113536 bytes
0x81610000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D801000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x85202000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x95C01000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x9500F000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB2C01000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x95D04000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA053D000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x95A74000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC)
0x94C34000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x95409000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x850B4000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x84E0E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80607000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xB1C0E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x85373000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0x954B6000 C:\Windows\system32\drivers\av88base.sys 425984 bytes (Conexant, Inc., Conexant 88x base Driver)
0xA040D000 C:\Windows\System32\Drivers\tascusb2.sys 413696 bytes (TASCAM, TASCAM USB 2.0 Audio Driver)
0x8503C000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x8D94A000 C:\Windows\system32\DRIVERS\tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xB2D96000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x81860000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9554B000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x96EDD000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x84F68000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x95197000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x84EBF000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80690000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x94D7A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x94D2D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x96E47000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x85338000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB1CC8000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x85003000 C:\Windows\system32\drivers\PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0x8D911000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x94CEB000 C:\Windows\system32\DRIVERS\e1e6032.sys 225280 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x95A2E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x84817000 ACPI_HAL 208896 bytes
0x84817000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x84E8D000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95165000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x955B5000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x94DBB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB2D1E000 C:\Program Files\CyberLink\PowerDVD\000.fcl 180224 bytes (CyberLink Corp., -)
0x8530D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9551E000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x96FA9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA0489000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB2D6E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D9D9000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x95114000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x84F16000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA050F000 C:\Windows\System32\Drivers\CLBUDFR.SYS 155648 bytes (CyberLink Corporation., UDF File System Driver )
0x85181000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x95B17000 C:\Windows\system32\DRIVERS\FAMv4.sys 151552 bytes (FAMv4, FAMv4 mini-filter driver (x86))
0x96EB9000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x851A6000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x96E1F000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x85125000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x95B78000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB1CA9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8D9AB000 C:\Windows\system32\DRIVERS\snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0x807B1000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xB2CED000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x950F9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA04EA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xB1C7B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9549E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB1D01000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x95DE4000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x96E8D000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x94DE8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x96F28000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB1D48000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB2D4A000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x951DF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9513B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x96EA4000 C:\Windows\system32\drivers\archlp.sys 86016 bytes
0xB1C94000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807CF000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x95B99000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x851D8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95151000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x95597000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x96FDA000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x96E0C000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x96F3F000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB1D2D000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x853DE000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x95A63000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80677000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x84FEC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x96F88000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA05ED000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x84FCE000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x95DC6000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x807E4000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x85172000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x85099000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x95000000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0xA04DB000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8D9CA000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x84F3D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x851C9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x94D6B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x84F59000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x95DD6000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81850000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x95BE2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x95BCB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x84FB9000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x84E7F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xA04B1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x96F6E000 C:\Windows\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0x95DB9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0xA047C000 C:\Windows\system32\drivers\tscusb2a.sys 53248 bytes (TASCAM, TASCAM US-122L/144 WDM Driver)
0x95A21000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x96F51000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0xB2DE5000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xB2D60000 C:\Windows\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x851EC000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB2D0A000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x95B6C000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x94CD4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xA04BE000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x94CE0000 C:\Windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0x955AA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x84E00000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x95BC0000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x955F5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x955E4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8515E000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x94D22000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x84F4F000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0xA04D1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x95A0F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA0400000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x96E83000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x807F4000 C:\Windows\system32\DRIVERS\rrnetcap.sys 40960 bytes (RapidSolution Software AG, Intermediate Filter Driver)
0xB2CE3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xA0505000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xA0472000 C:\Windows\system32\drivers\tscusb2m.sys 40960 bytes (TASCAM, US-122L/144 WDM MIDI Driver)
0x96F5E000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xB1D19000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB1D65000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x853EF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x95B3E000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x96F7F000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x96F98000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x850AB000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x95BD9000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81830000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x85169000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x84F05000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x95496000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x84FE4000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80688000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2DF7000 C:\Windows\system32\DRIVERS\DKRtWrt.sys 32768 bytes (Diskeeper Corporation, Diskeeper IntelliWrite Mini-Filter Driver)
0xA04C9000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x96FA1000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x84F0E000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x95A19000 C:\Windows\system32\DRIVERS\nvoclock.sys 32768 bytes (NVIDIA Corp., NVIDIA System Utility Driver)
0x95BB0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x95BB8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D9A3000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xB2D16000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x95B4E000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95B55000 C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys 28672 bytes (Symantec Corporation, Symantec Ghost PCI Scanner Kernal Mode Driver)
0x95B65000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x84FB2000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xB1D5E000 C:\Users\daustin\AppData\Local\Temp\mbr.sys 28672 bytes
0x96FD3000 C:\Windows\system32\DRIVERS\nmsgopro.sys 28672 bytes (Gteko Ltd., Gteko's GoProto protocol driver)
0x95B47000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xB1D22000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x84FC7000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x96F68000 C:\Windows\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0x84FDE000 C:\Windows\system32\drivers\pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0x96E41000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x955EF000 C:\Windows\system32\drivers\tbhsd.sys 24576 bytes (RapidSolution Software AG, Tunebite High-Speed Dubbing)
0xB1D3E000 C:\Windows\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0x96F7B000 C:\Windows\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB2DF1000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB1D42000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x94C30000 C:\Windows\System32\Drivers\nvBridge.kmd 16384 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0xB1D29000 C:\Windows\System32\Drivers\ppsio2.SYS 16384 bytes (-, Flatbed DevDriver/NT4 v3.25 Build 315)
0xB2CDF000 C:\Windows\system32\Drivers\SBKUPNT.SYS 16384 bytes
0x95548000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x850A8000 C:\Windows\System32\Drivers\CLBStor.sys 12288 bytes (Cyberlink Co.,Ltd., Cyberlink Storage Helper Driver (WindowsNT5.x))
0x84F4C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x892B1000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x95DFE000 C:\Windows\System32\Drivers\IntelDH.sys 8192 bytes (Intel Corporation, Intel® software driver for Intel® Viiv™ technology)
0xB2DF5000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xB1D46000 C:\Windows\system32\DRIVERS\nmsunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x95DFC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95BAE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 11 August 2011 - 11:13 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 fastback

Posted 12 August 2011 - 11:14 AM

I tried running Combofix and it appeared to have completed but when it gets to the point of creating the report the pc crashes and restarts. I tried running this three times.
Should I try running Combofix again in Safe Mode?

#9 fastback

Posted 12 August 2011 - 11:18 AM

Oh, almost forgot that Combofix listed several files that it was deleting. I didn't get some of the full names, but here they are.

bhO_pro.... asycfilt32.dll, asycfilt32.exe, isindex.dat, rnnblacqwofstv.dll. Hope this helps.

Edited by fastback, 12 August 2011 - 11:19 AM.


#10 gringo_pr

Posted 12 August 2011 - 12:56 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan please post the report back here.

Gringo

#11 fastback

Posted 12 August 2011 - 02:32 PM

Ran Combofix in Safe Mode (user profile wiltthestilt), left for a while, and when I returned a report was open on the screen. I don't believe the PC restarted to generate this report. My PC continues to shut down/crash (blue screen).
Tried 2 times to create this message for you; anyway, here's the report.

ComboFix 11-08-11.06 - wiltthestilt 08/12/2011 10:52:18.3.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2712 [GMT -7:00]
Running from: c:\users\daustin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
ADS - Windows: deleted 192 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\asycfilt32.dll
c:\programdata\asycfilt32.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\users\daustin\AppData\Roaming\Adobe\plugs
c:\users\daustin\AppData\Roaming\Adobe\shed
c:\users\daustin\Documents\csrss.exe
c:\users\Public\Desktop\Security Protection.lnk
c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\extensions\{6b7f762e-70ab-4933-b877-b3ec46f44a54}
c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\extensions\{6b7f762e-70ab-4933-b877-b3ec46f44a54}\chrome.manifest
c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\extensions\{6b7f762e-70ab-4933-b877-b3ec46f44a54}\chrome\xulcache.jar
c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\extensions\{6b7f762e-70ab-4933-b877-b3ec46f44a54}\defaults\preferences\xulcache.js
c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\extensions\{6b7f762e-70ab-4933-b877-b3ec46f44a54}\install.rdf
c:\windows\system\svchost.exe
c:\windows\system32\asycfilt32.dll
c:\windows\system32\hookdll.dll
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\wiltthestilt\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\NeroMediaHomeUser.4.daustin-PC\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\daustin_jr\AppData\Local\temp
2011-08-12 18:03 . 2011-08-12 18:03 -------- d-----w- c:\users\daustin\AppData\Local\temp
2011-08-12 15:53 . 2011-08-12 15:53 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-08-12 15:53 . 2011-08-12 15:53 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-08-12 15:53 . 2011-08-12 15:53 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-08-12 15:53 . 2011-08-12 15:53 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-08-11 14:47 . 2011-08-12 07:20 -------- d-----w- c:\program files\Object
2011-08-11 14:41 . 2011-08-11 14:41 218624 ----a-w- c:\windows\system32\teldsw32.dll
2011-08-11 10:03 . 2011-08-11 10:03 -------- d-----w- C:\7e89ffc231e636955c99fc5509a9f7
2011-08-11 00:07 . 2011-08-11 00:07 -------- d-----w- C:\Adobe
2011-08-10 20:28 . 2011-08-10 20:28 39558 ----a-w- c:\windows\system32\pjvoqpkzykpauo.exe
2011-08-10 20:28 . 2011-08-11 08:14 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-10 20:24 . 2011-08-10 20:24 656896 ----a-w- c:\windows\system32\NlsData001a32.exe
2011-08-10 20:14 . 2011-08-10 20:14 -------- d-----w- c:\windows\Sun
2011-08-10 11:22 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 11:22 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:22 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 11:21 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 11:21 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 11:21 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-01 15:13 . 2011-08-01 15:13 -------- d-----w- c:\program files\File Type Assistant
2011-08-01 15:13 . 2011-08-01 15:14 -------- d-----w- c:\program files\simppulltoolbar
2011-07-24 06:34 . 2011-07-24 06:34 -------- d-----w- c:\program files\ESET
2011-07-23 17:33 . 2011-07-23 17:33 -------- d-----w- c:\users\daustin\AppData\Local\{69BEDBB0-B06C-49B7-9763-6FCDDC75257E}
2011-07-22 16:31 . 2011-07-22 16:31 -------- d-----w- c:\users\wiltthestilt\AppData\Roaming\Arturia
2011-07-22 16:30 . 2011-07-22 16:30 -------- d-----w- c:\users\wiltthestilt\AppData\Roaming\iZotope
2011-07-22 16:26 . 2011-07-22 16:34 -------- d-----w- c:\users\wiltthestilt\AppData\Roaming\Steinberg
2011-07-22 14:09 . 2011-07-22 14:09 -------- d-----w- c:\users\wiltthestilt\AppData\Local\MagicSoftware
2011-07-14 20:33 . 2011-07-14 20:33 -------- d-----w- c:\users\daustin\AppData\Local\{F6701D1A-E9F5-4950-90CD-23FF720374A6}
2011-07-14 01:18 . 2011-08-11 10:42 163184 ----a-w- c:\windows\DUMPe147.tmp
2011-07-14 01:18 . 2011-08-11 10:26 163184 ----a-w- c:\windows\DUMPdd9e.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 16:41 . 2011-05-17 14:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 14:44 . 2011-06-23 18:05 208 ----a-w- c:\users\daustin\AppData\Roaming\msregsvv.dll
2011-07-24 13:34 . 2011-07-08 22:23 0 ----a-w- c:\users\daustin\AppData\Local\Cgaca.bin
2011-07-07 02:52 . 2009-03-18 05:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 02:52 . 2009-03-18 05:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 13:34 . 2011-07-13 15:25 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-21 13:01 . 2011-05-21 13:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 13:01 . 2011-05-21 13:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 13:01 . 2011-05-21 13:01 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-21 13:01 . 2011-05-21 13:01 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 13:01 . 2011-05-21 13:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 13:01 . 2011-05-21 13:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 13:01 . 2011-05-21 13:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 13:01 . 2011-05-21 13:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-21 13:01 . 2011-05-21 13:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 13:01 . 2011-05-21 13:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 13:01 . 2011-05-21 13:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-21 13:01 . 2011-05-21 13:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 13:01 . 2011-04-08 05:45 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-21 13:01 . 2011-04-08 05:45 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 13:01 . 2011-04-08 05:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 13:01 . 2011-04-08 05:44 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 13:01 . 2011-04-08 05:44 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-21 13:01 . 2009-09-28 00:47 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 13:01 . 2009-09-28 00:47 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 13:01 . 2009-09-27 20:12 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-06-23 05:10 . 2011-03-27 21:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-02-21 23:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor .exe
c:\program files\QuickTime\QTTask .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}]
2011-07-25 15:43 81920 ----a-w- c:\program files\simppulltoolbar\w3itemplateX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FAE9B9F-8671-BBC5-37FA-DA1F832FF016}]
c:\users\daustin\AppData\Local\Temp\nsrE00A.tmp.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}"= "c:\program files\simppulltoolbar\w3itemplateX.dll" [2011-07-25 81920]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Backedup]
@="{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}"
[HKEY_CLASSES_ROOT\CLSID\{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}]
2008-07-30 22:40 471104 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Failed]
@="{20FA8895-5630-473A-A86A-54166558605F}"
[HKEY_CLASSES_ROOT\CLSID\{20FA8895-5630-473A-A86A-54166558605F}]
2008-07-30 22:40 471104 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_NotBackedup]
@="{D432C173-DFAD-491A-A01A-4E7AE1670A6F}"
[HKEY_CLASSES_ROOT\CLSID\{D432C173-DFAD-491A-A01A-4E7AE1670A6F}]
2008-07-30 22:40 471104 ----a-w- c:\program files\Spare Backup\SpareShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"P2kAutostart"="" [N/A]
"Power2GoExpress"="" [N/A]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
"AdobeBridge"="" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-27 209216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-9-6 6871952]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^daustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8DDYX0ZBPZ]
c:\users\daustin\AppData\Local\Temp\Rcl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-06-25 03:06 904768 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 19:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-08-26 04:19 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 18:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 20:16 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2008-06-25 02:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gvesozeyesogufu]
c:\users\daustin\AppData\Local\eyeboqud.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hlefujofuloho]
c:\users\daustin\AppData\Local\spnvtkb.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 16:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-09-09 08:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2009-04-17 02:56 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-05-18 03:55 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-07-07 02:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 23:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 18:02 81920 ------w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2009-04-17 02:54 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2008-06-25 02:56 136472 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-11-22 22:56 303104 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 16:16 528384 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-15 06:26 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Control]
2007-02-06 01:50 188492 ------w- c:\windows\System32\TMController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-02-22 04:04 222504 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-09-24 18:06 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 06:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-21 05:44 210216 ------w- c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 17:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2412501133-2617451092-636767301-1001]
"EnableNotificationsRef"=dword:00000001
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-20 28544]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-13 89728]
R1 FAMv4;FAMv4;c:\windows\system32\DRIVERS\FAMv4.sys [2008-03-27 139800]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CLBUDFR;CyberLink UDF Filesystem; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2010-09-06 2077072]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsData001a32.exe [2011-08-10 656896]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-01-31 68928]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-28 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 ppsio2;PPDevice; [x]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
R2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 AV88BASE;Cx2388x Base Driver;c:\windows\system32\drivers\av88base.sys [2007-04-12 423936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 44416]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 38608]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-12 10976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-19 133104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-10-26 27168]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-10-26 27168]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-07-30 20992]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-07-30 33792]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-02-02 87336]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-05 29744]
R4 gupdate1c979e8d13ed718;Google Update Service (gupdate1c979e8d13ed718);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-19 133104]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-22 1355968]
R4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 431384]
S0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-12-05 5504]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-07-30 386560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
terlfsc REG_MULTI_SZ TermServices
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
//B [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 23:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 23:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 03:49]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-19 03:48]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-19 03:48]
.
2011-08-11 c:\windows\Tasks\NeroLiveEpgUpdate-daustin-PC_daustin.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2009-05-13 18:16]
.
2011-08-12 c:\windows\Tasks\User_Feed_Synchronization-{E0F61D60-27E3-4084-8A08-22B229A3ADFC}.job
- c:\windows\system32\msfeedssync.exe [2011-05-07 05:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: live.com\onecare
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\wiltthestilt\AppData\Roaming\Mozilla\Firefox\Profiles\kz69fpo6.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01915875-86EE-4723-B9AE-8416BB279270} - c:\windows\system32\asycfilt32.dll
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 11:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{01915875-86EE-4723-B9AE-8416BB279270}"=hex:51,66,7a,6c,4c,1d,38,12,1b,5b,82,
05,dc,c8,4d,02,c6,b8,c7,56,be,79,d6,64
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1536)
c:\program files\Spare Backup\SpareShellExtension.dll
c:\program files\Spare Backup\sqlite3.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-08-12 11:07:42
ComboFix-quarantined-files.txt 2011-08-12 18:07
.
Pre-Run: 778,162,921,472 bytes free
Post-Run: 778,089,508,864 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=47 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
- - End Of File - - 4FB4F1C6CE77010014A7DA6584DBD2AA

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 12 August 2011 - 02:37 PM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 fastback


Posted 12 August 2011 - 02:37 PM

Failed to mention, I haven't seen the csrss.exe prompt when Windows starts and opens, so I'm assuming that's fixed, but the shutdown is a killer. When the PC originally shut down I had my monitor in split screen on two monitors; wondering, did it mess up my video card?

#14 gringo_pr


Posted 12 August 2011 - 02:45 PM

Hello

We cross-posted, so see above.

I don't think it messed up the card - maybe the drivers but not the card


See post above.



gringo

#15 fastback


Posted 12 August 2011 - 03:02 PM

Here's the report

2011/08/12 12:47:47.0842 5508 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 12:47:48.0347 5508 ================================================================================
2011/08/12 12:47:48.0347 5508 SystemInfo:
2011/08/12 12:47:48.0347 5508
2011/08/12 12:47:48.0347 5508 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/12 12:47:48.0347 5508 Product type: Workstation
2011/08/12 12:47:48.0347 5508 ComputerName: DAUSTIN-PC
2011/08/12 12:47:48.0348 5508 UserName: daustin
2011/08/12 12:47:48.0348 5508 Windows directory: C:\Windows
2011/08/12 12:47:48.0348 5508 System windows directory: C:\Windows
2011/08/12 12:47:48.0348 5508 Processor architecture: Intel x86
2011/08/12 12:47:48.0348 5508 Number of processors: 4
2011/08/12 12:47:48.0348 5508 Page size: 0x1000
2011/08/12 12:47:48.0348 5508 Boot type: Normal boot
2011/08/12 12:47:48.0348 5508 ================================================================================
2011/08/12 12:47:50.0690 5508 Initialize success
2011/08/12 12:48:09.0395 5992 ================================================================================
2011/08/12 12:48:09.0395 5992 Scan started
2011/08/12 12:48:09.0395 5992 Mode: Manual;
2011/08/12 12:48:09.0395 5992 ================================================================================
2011/08/12 12:48:38.0599 5992 MBR (0x1B8) (eb14130d7d174c72180d1c108d0b9a0b) \Device\Harddisk0\DR0
2011/08/12 12:48:38.0602 5992 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/12 12:48:39.0186 5992 MBR (0x1B8) (99efe497351eda3fc23e5887dce54f6b) \Device\Harddisk1\DR1
2011/08/12 12:48:47.0437 5992 MBR (0x1B8) (633150eb706c046d64591b7da0597813) \Device\Harddisk6\DR6
2011/08/12 12:48:47.0464 5992 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR7
2011/08/12 12:48:47.0478 5992 Boot (0x1200) (faf0204b79d3dfac987bfe2c9f7c7de7) \Device\Harddisk0\DR0\Partition0
2011/08/12 12:48:47.0502 5992 Boot (0x1200) (a09f9c0f203d3055e0c5a24dc9887441) \Device\Harddisk0\DR0\Partition1
2011/08/12 12:48:47.0522 5992 Boot (0x1200) (6a5c7e180e9d46940d219c85a6570b49) \Device\Harddisk1\DR1\Partition0
2011/08/12 12:48:47.0547 5992 Boot (0x1200) (61dbe6c23ca7576638e2addecfd9ebac) \Device\Harddisk6\DR6\Partition0
2011/08/12 12:48:47.0558 5992 Boot (0x1200) (0469189a3cef8e2bf56cf8e276026cf0) \Device\Harddisk7\DR7\Partition0
2011/08/12 12:48:47.0565 5992 ================================================================================
2011/08/12 12:48:47.0565 5992 Scan finished
2011/08/12 12:48:47.0565 5992 ================================================================================
2011/08/12 12:48:47.0573 4428 Detected object count: 1
2011/08/12 12:48:47.0573 4428 Actual detected object count: 1
2011/08/12 12:48:56.0866 4428 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/12 12:48:56.0870 4428 \Device\Harddisk0\DR0 - ok
2011/08/12 12:48:56.0874 4428 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/12 12:49:10.0235 3612 Deinitialize success



